From: Krzysztof Jackiewicz Date: Mon, 26 Jun 2017 09:34:33 +0000 (+0200) Subject: Imported Upstream version 1.7.7 X-Git-Tag: upstream/1.7.7 X-Git-Url: http://review.tizen.org/git/?a=commitdiff_plain;h=aea777f059b8a3fb349ae28d470b9289a9b39d7f;p=platform%2Fupstream%2Flibgcrypt.git Imported Upstream version 1.7.7 Change-Id: I9b0547a49ce72732e8028f3f4d8ee8f340bfd82b --- diff --git a/ChangeLog b/ChangeLog index d1c5ada..555340b 100644 --- a/ChangeLog +++ b/ChangeLog 
@@ -1,8675 +1,16 @@ -2017-01-18 Werner Koch +No more ChangeLog files +======================== - Release 1.7.6. - + commit 64e4808c05894b623f06c526a37ae2b77c31e36d - * configure.ac: Set LT version to C21/A1/R6. +Do not modify any of the ChangeLog files in Libgcrypt. Starting on +December 1st, 2011 we put change information only in the GIT commit +log, and generate a top-level ChangeLog file from logs at "make dist" +time. As such, there are strict requirements on the form of the +commit log messages. See doc/HACKING for details. The old ChangeLog +files have all be renamed to ChangeLog-2011. - Revert "rijndael-ssse3: move assembly functions to separate source-file" - + commit 5053e0112ee3ef757a3a4ae26eed117dd1fb0211 - This reverts commit a77c36921bde79418cdf6d7a7543514c39c9796c. -2017-01-18 Jussi Kivilinna - mpi: amd64: fix too large jump alignment in mpih-rshift. - + commit 1817c9eab5699c097d3713f197e4a3e8b5c1442c - * mpi/amd64/mpih-rshift.S (_gcry_mpih_rshift): Use 16-byte alignment - with 'ALIGN(4)' instead of 256-byte. - - rijndael-ssse3: move assembly functions to separate source-file. - + commit a77c36921bde79418cdf6d7a7543514c39c9796c - * cipher/Makefile.am: Add 'rinjdael-ssse3-amd64-asm.S'. - * cipher/rinjdael-ssse3-amd64-asm.S: Moved assembly functions - here ... - * cipher/rinjdael-ssse3-amd64.c: ... from this file. - (_gcry_aes_ssse3_enc_preload, _gcry_aes_ssse3_dec_preload) - (_gcry_aes_ssse3_shedule_core, _gcry_aes_ssse3_encrypt_core) - (_gcry_aes_ssse3_decrypt_core): New. - (vpaes_ssse3_prepare_enc, vpaes_ssse3_prepare_dec) - (_gcry_aes_ssse3_do_setkey, _gcry_aes_ssse3_prepare_decryption) - (do_vpaes_ssse3_enc, do_vpaes_ssse3_dec): Update to use external - assembly functions; remove 'aes_const_ptr' variable usage. 
- (_gcry_aes_ssse3_encrypt, _gcry_aes_ssse3_decrypt) - (_gcry_aes_ssse3_cfb_enc, _gcry_aes_ssse3_cbc_enc) - (_gcry_aes_ssse3_ctr_enc, _gcry_aes_ssse3_cfb_dec) - (_gcry_aes_ssse3_cbc_dec, ssse3_ocb_enc, ssse3_ocb_dec) - (_gcry_aes_ssse3_ocb_auth): Remove 'aes_const_ptr' variable usage. - * configure.ac: Add 'rinjdael-ssse3-amd64-asm.lo'. - - rijndael-ssse3: fix counter operand from read-only to read/write. - + commit 34135cd4128b7d2b288323474a8d05a38022b4fa - * cipher/rijndael-ssse3-amd64.c (_gcry_aes_ssse3_ctr_enc): Change - 'ctrlow' operand from read-only to read-write. - -2017-01-18 Werner Koch - - random: Call getrandom before select and emitting a progress callback. - + commit e4c0159974b011ddc1979acdec311234d9bc2ea8 - * random/rndlinux.c (_gcry_rndlinux_gather_random): Move the getrandom - call before the select. - -2016-12-15 Werner Koch - - Release 1.7.5. - + commit 89ec6c103739d41624bb5b899926efc26b215dda - * configure.ac: Set LT version to C21/A1/R5. - -2016-12-15 Werner Koch - Nicolas Porcel - - Fix regression in broken mlock detection. - + commit b4d1ab824172b8221011680cda00d7623de5c9f5 - * acinclude.m4 (GNUPG_CHECK_MLOCK): Fix typo EGAIN->EAGAIN. - -2016-12-09 Werner Koch - - Release 1.7.4. - + commit a72ce0a1fbb3648d80696885d6a7e78b3029bebc - * configure.ac: Bump LT version to C21/A1/R4. - - Improve handling of mlock error codes. - + commit d6f84f4fc59235795ae393d8fab0081eb5889120 - * acinclude.m4 (GNUPG_CHECK_MLOCK): Check also for EAGAIN which is a - legitimate return code and does not indicate a broken mlock(). - * src/secmem.c (lock_pool_pages): Test ERR instead of ERRNO which - could have been overwritten by cap_from+text et al. - -2016-12-09 Stephan Mueller - - random: Eliminate unneeded memcpy invocations in the DRBG. - + commit 008fd92917547981d3c4dc77fd1e8c242bf4a7ea - * random/random-drbg.c (drbg_hash): Remove arg 'outval' and return a - pointer instead. - (drbg_instantiate): Reduce size of scratchpad. 
- (drbg_hmac_update): Avoid use of scratch buffers for the hash. - (drbg_hmac_generate, drbg_hash_df): Ditto. - (drbg_hash_process_addtl): Ditto. - (drbg_hash_hashgen): Ditto. - (drbg_hash_generate): Ditto. - - random: Add performance improvements for the DRBG. - + commit c6b7041bbc11391b7c6b0bf649aa4979ad3d0b52 - * random/random-drbg.c (struct drbg_state_ops_s): New function - pointers 'crypto_init' and 'crypto-fini'. - (struct drbg_state_s): New fields 'priv_data', 'ctr_handle', and - 'ctr_null'. - (drbg_hash_init, drbg_hash_fini): New. - (drbg_hmac_init, drbg_hmac_setkey): New. - (drbg_sym_fini, drbg_sym_init, drbg_sym_setkey): New. - (drbg_sym_ctr): New. - (drbg_ctr_bcc): Set the key. - (drbg_ctr_df): Ditto. - (drbg_hmac_update): Ditto. - (drbg_hmac_generate): Replace drgb_hmac by drbg_hash. - (drbg_hash_df): Ditto. - (drbg_hash_process_addtl): Ditto. - (drbg_hash_hashgen): Ditto. - (drbg_ctr_update): Rework. - (drbg_ctr_generate): Rework. - (drbg_ctr_ops): Init new functions pointers. - (drbg_uninstantiate): Call fini function. - (drbg_instantiate): Call init function. - - cipher: New function for reading the counter in CTR mode. - + commit 9678a9f3dcbd2944d62f12c63fa27a8fd72b1201 - * cipher/cipher.c (gcry_cipher_getctr): New. - -2016-12-07 Werner Koch - - Implement overflow secmem pools for xmalloc style allocators. - + commit 73dca02b9cc6d542af153c527190832f9c421ef3 - * src/secmem.c (pooldesc_s): Add fields next, cur_alloced, and - cur_blocks. - (cur_alloced, cur_blocks): Remove vars. - (ptr_into_pool_p): Make it inline. - (stats_update): Add arg pool and update the new pool specific - counters. - (_gcry_secmem_malloc_internal): Add arg xhint and allocate overflow - pools as needed. - (_gcry_secmem_malloc): Pass XHINTS along. - (_gcry_secmem_realloc_internal): Ditto. - (_gcry_secmem_realloc): Ditto. - (_gcry_secmem_free_internal): Take multiple pools in account. Add - return value to indicate whether the arg was freed. 
- (_gcry_secmem_free): Add return value to indicate whether the arg was - freed. - (_gcry_private_is_secure): Take multiple pools in account. - (_gcry_secmem_term): Release all pools. - (_gcry_secmem_dump_stats): Print stats for all pools. - * src/stdmem.c (_gcry_private_free): Replace _gcry_private_is_secure - test with a direct call of _gcry_secmem_free to avoid double checking. - - Give the secmem allocators a hint when a xmalloc calls them. - + commit 1433fce11c90bb44ada51071f342ad67b469ea81 - * src/secmem.c (_gcry_secmem_malloc): New not yet used arg XHINT. - (_gcry_secmem_realloc): Ditto. - * src/stdmem.c (_gcry_private_malloc_secure): New arg XHINT to be - passed to the secmem functions. - (_gcry_private_realloc): Ditto. - * src/g10lib.h (GCRY_ALLOC_FLAG_XHINT): New. - * src/global.c (do_malloc): Pass this flag as XHINT to the private - allocator. - (_gcry_malloc_secure): Factor code out to ... - (_gcry_malloc_secure_core): this. Add arg XHINT. - (_gcry_realloc): Factor code out to ... - (_gcry_realloc_core): here. Add arg XHINT. - (_gcry_strdup): Factor code out to ... - (_gcry_strdup_core): here. Add arg XHINT. - (_gcry_xrealloc): Use the core function and pass true for XHINT. - (_gcry_xmalloc_secure): Ditto. - (_gcry_xstrdup): Ditto. - - Reorganize code in secmem.c. - + commit 2bc361485d8bc0d8cdb3b4ae6e304885eeaab889 - * src/secmem.c (pooldesc_t): New type to collect information about one - pool. - (pool_size): Remove. Now a member of pooldesc_t. - (pool_okay): Ditto. - (pool_is_mmapped): Ditto. - (pool): Rename variable ... - (mainpool): And change type to pooldesc_t. - (ptr_into_pool_p): Add arg 'pool'. - (mb_get_next): Ditto. - (mb_get_prev): Ditto. - (mb_merge): Ditto. - (mb_get_new): Ditto. - (init_pool): Ditto. - (lock_pool): Rename to ... - (look_pool_pages: this. - (secmem_init): Rename to ... - (_gcry_secmem_init_internal): this. Add local var POOL and init with - address of MAINPOOL. 
- (_gcry_secmem_malloc_internal): Add local var POOL and init with - address of MAINPOOL. - (_gcry_private_is_secure): Ditto. - (_gcry_secmem_term): Ditto. - (_gcry_secmem_dump_stats): Ditto. - (_gcry_secmem_free_internal): Ditto. Remove check for NULL arg. - (_gcry_secmem_free): Add check for NULL arg before taking the lock. - (_gcry_secmem_realloc): Factor most code out to ... - (_gcry_secmem_realloc_internal): this. - -2016-11-28 Dmitry Eremin-Solenikov - - tests: Add PBKDF2 tests for Stribog512. - + commit a8b2d8b502d9cbc9157c261f12e4623ec20b3960 - * tests/t-kdf.c (check_pbkdf2): Add Stribog512 test cases from TC26's - additions to PKCS#5. - - tests: Add Stribog HMAC tests from TC26ALG. - + commit 432eaf2ab83631a4e70ad4ecd20a9b6f81c1c329 - * tests/basic.c (check_mac): add HMAC test vectors from TC26ALG document - for Stribog. - - cipher: Add Stribog OIDs from TC26 space. - + commit d0940e3d194296bc334f06f97ae91b411e1f152f - * cipher/stribog.c (oid_spec_stribog256, oid_spec_stribog512): New. - -2016-11-28 Justus Winter - - tests: Fix memory leak. - + commit 4bfec0a52af8c847f558b9ade56d896c224019b3 - * tests/basic.c (check_gost28147_cipher): Free cipher handles. - -2016-11-25 Dmitry Eremin-Solenikov - - Cast oid argument of gcry_cipher_set_sbox to disable compiler warning. - + commit a22d7bb3945cec2d8a6b23d8f2bd2f675bb2f4e6 - * src/gcrypt.h.in (gcry_cipher_set_sbox): Cast oid to (void *). - - gost: Rename tc26 s-box from A to Z. - + commit 298cb926d28ae76ab2af1b028e7b06ae2358a234 - * cipher/gost-s-box.c (gost_sboxes): Rename TC26_A to TC26_Z as it is - the name that ended up in all standards. - - tests: Add test to verify GOST 28147-89 against known results. - + commit 76fa65940ff9d4baf17b42f671191720b9ea96f1 - * tests/basic.c (check_gost28147_cipher): new test function. - -2016-11-17 Dmitry Eremin-Solenikov - - cipher/gost28147: Fix CryptoPro-B S-BOX. 
- + commit 15718db54b2888a704b020cb1032954b443c6686 - * cipher/gost-s-box.c: CryptoPro_B s-box missed one line, resulting in - incorrect encryption/decryption using that s-box. Add missing data. - -2016-11-01 NIIBE Yutaka - - cipher: Fix IDEA cipher for clearing memory. - + commit bf6d5b10cb4173826f47ac080506b68bb001acb2 - * cipher/idea.c (invert_key): Use wipememory, since this kind of memset - may be removed by compiler optimization. - -2016-10-09 Jussi Kivilinna - - GCM: Add bulk processing for ARMv8/AArch64 implementation. - + commit bfd732f53a9b5dfe14217a68a0fa289bf6913ec0 - * cipher/cipher-gcm-armv8-aarch64-ce.S: Add 6 blocks bulk processing. - - GCM: Add bulk processing for ARMv8/AArch32 implementation. - + commit 27747921cb1dfced83c5666cd1c474764724c52b - * cipher/cipher-gcm-armv8-aarch32-ce.S: Add 4 blocks bulk processing. - * tests/basic.c (check_digests): Print correct data length for "?" - tests. - (check_one_mac): Add large 1000000 bytes tests, when input is "!" or - "?". - (check_mac): Add "?" tests vectors for HMAC, CMAC, GMAC and POLY1305. - -2016-09-11 Jussi Kivilinna - - Add Aarch64 assembly implementation of Twofish. - + commit 5418d9ca4c0e087fd6872ad350a996fe74880d86 - * cipher/Makefile.am: Add 'twofish-aarch64.S'. - * cipher/twofish-aarch64.S: New. - * cipher/twofish.c: Enable USE_ARM_ASM if __AARCH64EL__ and - HAVE_COMPATIBLE_GCC_AARCH64_PLATFORM_AS defined. - * configure.ac [host=aarch64]: Add 'twofish-aarch64.lo'. - -2016-09-05 Jussi Kivilinna - - Add Aarch64 assembly implementation of Camellia. - + commit de73a2e7237ba7c34ce48bb5fb671aa3993de832 - * cipher/Makefile.am: Add 'camellia-aarch64.S'. - * cipher/camellia-aarch64.S: New. - * cipher/camellia-glue.c [USE_ARM_ASM][__aarch64__]: Set stack burn - size to zero. - * cipher/camellia.h: Enable USE_ARM_ASM if __AARCH64EL__ and - HAVE_COMPATIBLE_GCC_AARCH64_PLATFORM_AS defined. - * configure.ac [host=aarch64]: Add 'rijndael-aarch64.lo'. 
- - Add ARMv8/AArch64 Crypto Extension implementation of AES. - + commit 4cd8d40d698564d24ece2af24546e34c58bf2961 - * cipher/Makefile.am: Add 'rijndael-armv-aarch64-ce.S'. - * cipher/rijndael-armv8-aarch64-ce.S: New. - * cipher/rijndael-internal.h (USE_ARM_CE): Enable for ARMv8/AArch64. - * configure.ac: Add 'rijndael-armv-aarch64-ce.lo' and - 'rijndael-armv8-ce.lo' for ARMv8/AArch64. - - Add ARMv8/AArch64 Crypto Extension implementation of GCM. - + commit 0b332c1aef03a735c1fb0df184f74d523deb2f98 - * cipher/Makefile.am: Add 'cipher-gcm-armv8-aarch64-ce.S'. - * cipher/cipher-gcm-armv8-aarch64-ce.S: New. - * cipher/cipher-internal.h (GCM_USE_ARM_PMULL): Enable on - ARMv8/AArch64. - - Add ARMv8/AArch64 Crypto Extension implementation of SHA-256. - + commit 2d4bbc0ad62c54bbdef77799f9db82d344b7219e - * cipher/Makefile.am: Add 'sha256-armv8-aarch64-ce.S'. - * cipher/sha256-armv8-aarch64-ce.S: New. - * cipher/sha256-armv8-aarch32-ce.S: Move round macros to correct - section. - * cipher/sha256.c (USE_ARM_CE): Enable on ARMv8/AArch64. - * configure.ac: Add 'sha256-armv8-aarch64-ce.lo'; Swap places for - 'sha512-arm.lo' and 'sha256-armv8-aarch32-ce.lo'. - - Add ARMv8/AArch64 Crypto Extension implementation of SHA-1. - + commit e4eb03f56683317c908cb55be727832810dc8c72 - * cipher/Makefile.am: Add 'sha1-armv8-aarch64-ce.S'. - * cipher/sha1-armv8-aarch64-ce.S: New. - * cipher/sha1.c (USE_ARM_CE): Enable on ARMv8/AArch64. - * configure.ac: Add 'sha1-armv8-aarch64-ce.lo'. - -2016-09-04 Jussi Kivilinna - - Add AArch64 assembly implementation of AES. - + commit 595251ad37bf1968261d7e781752513f67525803 - * cipher/Makefile.am: Add 'rijndael-aarch64.S'. - * cipher/rijndael-aarch64.S: New. - * cipher/rijndael-internal.h: Enable USE_ARM_ASM if __AARCH64EL__ and - HAVE_COMPATIBLE_GCC_AARCH64_PLATFORM_AS defined. - * configure.ac (gcry_cv_gcc_aarch64_platform_as_ok): New check. - [host=aarch64]: Add 'rijndael-aarch64.lo'. - -2016-08-17 Werner Koch - - Release 1.7.3. 
- + commit f8241874971478bdcd2bc2082d901d05db7b256d - * configure.ac: Set LT version to C21/A1/R3. - - random: Hash continuous areas in the csprng pool. - + commit 8dd45ad957b54b939c288a68720137386c7f6501 - * random/random-csprng.c (mix_pool): Store the first hash at the end - of the pool. - - random: Improve the diagram showing the random mixing. - + commit 2f62103b4bb6d6f9ce806e01afb7fdc58aa33513 - * random/random-csprng.c (mix_pool): Use DIGESTLEN instead of 20. - -2016-07-19 Jussi Kivilinna - - crc-intel-pclmul: split assembly block to ease register pressure. - + commit f38199dbc290003898a1799adc367265267784c2 - * cipher/crc-intel-pclmul.c (crc32_less_than_16): Split inline - assembly block handling 4 byte input into multiple blocks. - - rijndael-aesni: split assembly block to ease register pressure. - + commit a4d1595a2638db63ac4c73e722c8ba95fdd85ff7 - * cipher/rijndael-aesni.c (do_aesni_ctr_4): Use single register - constraint for passing 'bige_addb' to assembly block; split - first inline assembly block into two parts. - -2016-07-14 Jussi Kivilinna - - Add ARMv8/AArch32 Crypto Extension implementation of AES. - + commit 05a4cecae0c02d2b4ee1cadd9c08115beae3a94a - * cipher/Makefile.am: Add 'rijndael-armv8-ce.c' and - 'rijndael-armv-aarch32-ce.S'. - * cipher/rijndael-armv8-aarch32-ce.S: New. - * cipher/rijndael-armv8-ce.c: New. - * cipher/rijndael-internal.h (USE_ARM_CE): New. - (RIJNDAEL_context_s): Add 'use_arm_ce'. - * cipher/rijndael.c [USE_ARM_CE] (_gcry_aes_armv8_ce_setkey) - (_gcry_aes_armv8_ce_prepare_decryption) - (_gcry_aes_armv8_ce_encrypt, _gcry_aes_armv8_ce_decrypt) - (_gcry_aes_armv8_ce_cfb_enc, _gcry_aes_armv8_ce_cbc_enc) - (_gcry_aes_armv8_ce_ctr_enc, _gcry_aes_armv8_ce_cfb_dec) - (_gcry_aes_armv8_ce_cbc_dec, _gcry_aes_armv8_ce_ocb_crypt) - (_gcry_aes_armv8_ce_ocb_auth): New. - (do_setkey) [USE_ARM_CE]: Add ARM CE/AES HW feature check and key - setup for ARM CE. 
- (prepare_decryption, _gcry_aes_cfb_enc, _gcry_aes_cbc_enc) - (_gcry_aes_ctr_enc, _gcry_aes_cfb_dec, _gcry_aes_cbc_dec) - (_gcry_aes_ocb_crypt, _gcry_aes_ocb_auth) [USE_ARM_CE]: Add - ARM CE support. - * configure.ac: Add 'rijndael-armv8-ce.lo' and - 'rijndael-armv8-aarch32-ce.lo'. - - Add ARMv8/AArch32 Crypto Extension implementation of GCM. - + commit 962b15470663db11e5c35b86768f1b5d8e600017 - * cipher/Makefile.am: Add 'cipher-gcm-armv8-aarch32-ce.S'. - * cipher/cipher-gcm-armv8-aarch32-ce.S: New. - * cipher/cipher-gcm.c [GCM_USE_ARM_PMULL] - (_gcry_ghash_setup_armv8_ce_pmull, _gcry_ghash_armv8_ce_pmull) - (ghash_setup_armv8_ce_pmull, ghash_armv8_ce_pmull): New. - (setupM) [GCM_USE_ARM_PMULL]: Enable ARM PMULL implementation if - HWF_ARM_PULL HW feature flag is enabled. - * cipher/cipher-gcm.h (GCM_USE_ARM_PMULL): New. - - Add ARMv8/AArch32 Crypto Extension implemenation of SHA-256. - + commit 34c64eb03178fbfd34190148fec5a189df2b8f83 - * cipher/Makefile.am: Add 'sha256-armv8-aarch32-ce.S'. - * cipher/sha256-armv8-aarch32-ce.S: New. - * cipher/sha256.c (USE_ARM_CE): New. - (sha256_init, sha224_init): Check features for HWF_ARM_SHA1. - [USE_ARM_CE] (_gcry_sha256_transform_armv8_ce): New. - (transform) [USE_ARM_CE]: Use ARMv8 CE implementation if HW supports. - (SHA256_CONTEXT): Add 'use_arm_ce'. - * configure.ac: Add 'sha256-armv8-aarch32-ce.lo'. - - Add ARMv8/AArch32 Crypto Extension implementation of SHA-1. - + commit 3d6334f8d94c2a4df10eed203ae928298a4332ef - * cipher/Makefile.am: Add 'sha1-armv8-aarch32-ce.S'. - * cipher/sha1-armv7-neon.S (_gcry_sha1_transform_armv7_neon): Add - missing size. - * cipher/sha1-armv8-aarch32-ce.S: New. - * cipher/sha1.c (USE_ARM_CE): New. - (sha1_init): Check features for HWF_ARM_SHA1. - [USE_ARM_CE] (_gcry_sha1_transform_armv8_ce): New. - (transform) [USE_ARM_CE]: Use ARMv8 CE implementation if HW supports - it. - * cipher/sha1.h (SHA1_CONTEXT): Add 'use_arm_ce'. - * configure.ac: Add 'sha1-armv8-aarch32-ce.lo'. 
- - Add HW feature check for ARMv8 AArch64 and crypto extensions. - + commit eee78f6e1fbce7d54c43fb7efc5aa8be9f52755f - * configure.ac: Add '--disable-arm-crypto-support'; enable hwf-arm - module on 64-bit ARM. - (armcryptosupport, gcry_cv_gcc_inline_aarch32_crypto) - (gcry_cv_inline_asm_aarch64_neon) - (gcry_cv_gcc_inline_asm_aarch64_crypto): New. - * src/g10lib.h (HWF_ARM_AES, HWF_ARM_SHA1, HWF_ARM_SHA2) - (HWF_ARM_PMULL): New. - * src/hwf-arm.c [__aarch64__]: Enable building in AArch64 mode. - (feature_map_s): New. - [__arm__] (AT_HWCAP, AT_HWCAP2, HWCAP2_AES, HWCAP2_PMULL) - (HWCAP2_SHA1, HWCAP2_SHA2, arm_features): New. - [__aarch64__] (AT_HWCAP, AT_HWCAP2, HWCAP_ASIMD, HWCAP_AES) - (HWCAP_PMULL, HWCAP_SHA1, HWCAP_SHA2, arm_features): New. - (get_hwcap): Add reading of 'AT_HWCAP2'; Change auxv use - 'unsigned long'. - (detect_arm_at_hwcap): Add mapping of HWCAP/HWCAP2 to HWF flags. - (detect_arm_proc_cpuinfo): Add mapping of CPU features to HWF flags. - (_gcry_hwf_detect_arm): Use __ARM_NEON instead of legacy __ARM_NEON__. - * src/hwfeatures.c (hwflist): Add 'arm-aes', 'arm-sha1', 'arm-sha2' - and 'arm-pmull'. - -2016-07-14 Werner Koch - - Release 1.7.2. - + commit be0bec7d9208b2f2d2ffce9cc2ca6154853e7e59 - * configure.ac: Set LT version to C21/A1/R2. - * Makefile.am (distcheck-hook): New. - -2016-07-13 Werner Koch - - build: Update config.{guess,sub} to {2016-05-15,2016-06-20}. - + commit e535ea1bdc42309553007d60599d3147b8defe93 - * build-aux/config.guess: Update. - * build-aux/config.sub: Update. - -2016-07-08 Jussi Kivilinna - - Fix unaligned accesses with ldm/stm in ChaCha20 and Poly1305 ARM/NEON. - + commit 1111d311fd6452abd4080d1072c75ddb1b5a3dd1 - * cipher/chacha20-armv7-neon.S (UNALIGNED_STMIA8) - (UNALIGNED_LDMIA4): New. - (_gcry_chacha20_armv7_neon_blocks): Use new helper macros instead of - ldm/stm instructions directly. - * cipher/poly1305-armv7-neon.S (UNALIGNED_LDMIA2) - (UNALIGNED_LDMIA4): New. 
- (_gcry_poly1305_armv7_neon_init_ext, _gcry_poly1305_armv7_neon_blocks) - (_gcry_poly1305_armv7_neon_finish_ext): Use new helper macros instead - of ldm instruction directly. - -2016-07-03 Jussi Kivilinna - - bench-slope: add unaligned buffer mode. - + commit 496790940753226f96b731a43d950bd268acd97a - * tests/bench-slope.c (unaligned_mode): New. - (do_slope_benchmark): Unalign buffer if in unaligned mode enabled. - (print_help, main): Add '--unaligned' parameter. - -2016-07-01 Jussi Kivilinna - - Fix static build. - + commit cb79630ec567a5f2e03e5f863cda168faa7b8cc8 - * tests/pubkey.c (_gcry_pk_util_get_nbits): Make function 'static'. - -2016-06-30 Jussi Kivilinna - - Disallow encryption/decryption if key is not set. - + commit 07de9858032826f5a7b08c372f6bcc73bbb503eb - * cipher/cipher.c (cipher_encrypt, cipher_decrypt): If mode is not - NONE, make sure that key is set. - * cipher/cipher-ccm.c (_gcry_cipher_ccm_set_nonce): Do not clear - 'marks.key' when reseting state. - - Avoid unaligned accesses with ARM ldm/stm instructions. - + commit a6158a01a4d81a5d862e1e0a60bfd6063443311d - * cipher/rijndael-arm.S: Remove __ARM_FEATURE_UNALIGNED ifdefs, always - compile with unaligned load/store code paths. - * cipher/sha512-arm.S: Ditto. - - Fix non-PIC reference in PIC for poly1305/ARMv7-NEON. - + commit a09126242a51c4ea4564b0f70b808e4f27fe5a91 - * cipher/poly1305-armv7-neon.S (GET_DATA_POINTER): New. - (_gcry_poly1305_armv7_neon_init_ext): Use GET_DATA_POINTER. - - Fix wrong CPU feature #ifdef for SHA1/AVX. - + commit 4a983e3bef58b9d056517e25e0ab10b72d12ceba - * cipher/sha1-avx-amd64.S: Check for HAVE_GCC_INLINE_ASM_AVX instead of - HAVE_GCC_INLINE_ASM_AVX2 & HAVE_GCC_INLINE_ASM_BMI2. - -2016-06-30 Werner Koch - - random: Remove debug message about not supported getrandom syscall. - + commit 6965515c73632a088fb126a4a55e95121671fa98 - * random/rndlinux.c (_gcry_rndlinux_gather_random): Remove log_debug - for getrandom error ENOSYS. 
- -2016-06-27 Werner Koch - - tests: Do not test SHAKE128 et al with gcry_md_hash_buffer. - + commit 4d634a098742ff425b324e9f2a67b9f62de09744 - * tests/benchmark.c (md_bench): Do not test variable lengths algos - with the gcry_md_hash_buffer. - - md: Improve diagnostic when using SHAKE128 with gcry_md_hash_buffer. - + commit ae26edf4b60359bfa5fe3a27b2c24b336e7ec35c - * cipher/md.c (md_read): Detect missing read function. - (_gcry_md_hash_buffers): Return an error. - -2016-06-25 Werner Koch - - ecc: Fix memory leak. - + commit 7a7f7c147f888367dfee6093d26bfeaf750efc3a - * cipher/ecc.c (ecc_check_secret_key): Do not init point if already - set. - - doc: Update yat2m. - + commit 1feb01940062a74c27230434fc3babdddca8caf4 - * doc/yat2m.c: Update from Libgpg-error - - tests: Add attributes to helper functions. - + commit c870cb5d385c1d6e1e28ca481cf9cf44b3bfeea9 - * tests/t-common.h (die, fail, info): Add attributes. - * tests/random.c (die, inf): Ditto. - * tests/pubkey.c (die, fail, info): Add attributes. - * tests/fipsdrv.c (die): Add attribute. - (main): Take care of missing --key,--iv,--dt options. - - Improve robustness and help lint. - + commit 5a5b055b81ee60a22a846bdf2031516b1c24df98 - * cipher/rsa.c (rsa_encrypt): Check for !DATA. - * cipher/md.c (search_oid): Check early for !OID. - (md_copy): Use gpg_err_code_from_syserror. Replace chains of if(!err) - tests. - * cipher/cipher.c (search_oid): Check early for !OID. - * src/misc.c (do_printhex): Allow for BUFFER==NULL even with LENGTH>0. - * mpi/mpicoder.c (onecompl): Allow for A==NULL to help static - analyzers. - - cipher: Improve fatal error message for bad use of gcry_md_read. - + commit 3f98b1e92d5afd720d7cea5b4e8295c5018bf9ac - * cipher/md.c (md_read): Use _gcry_fatal_error instead of BUG. - -2016-06-16 Niibe Yutaka - - ecc: Default cofactor 1 for PUBKEY_FLAG_PARAM. 
- + commit b0b70e7fe37b1bf13ec0bfc8effcb5c7f5db6b7d - * cipher/ecc.c (ecc_check_secret_key, ecc_sign, ecc_verify) - (ecc_encrypt_raw, ecc_decrypt_raw, compute_keygrip): Set default - cofactor as 1, when not specified. - - ecc: Default cofactor 1 for PUBKEY_FLAG_PARAM. - + commit 0f3a069211d8d24a61aa0dc2cc6c4ef04cc4fab7 - * cipher/ecc.c (ecc_check_secret_key, ecc_sign, ecc_verify) - (ecc_encrypt_raw, ecc_decrypt_raw, compute_keygrip): Set default - cofactor as 1, when not specified. - -2016-06-15 Werner Koch - - Release 1.7.1. - + commit 48aa6d6602564d6ba0cef10cf08f9fb0c59b3223 - - - doc: Describe envvars. - + commit c3173bbe3f1a9c73f81a538dd49ccfa0447bfcdc - * doc/gcrypt.texi: Add chapter Configuration. - - random: Change names of debug envvars. - + commit 131b4f0634cee0e5c47d2250c59f51127b10f7b3 - * random/rndunix.c (start_gatherer): Change GNUPG_RNDUNIX_DBG to - GCRYPT_RNDUNIX_DBG, change GNUPG_RNDUNIX_DBG to GCRYPT_RNDUNIX_DBG. - * random/rndw32.c (registry_poll): Change GNUPG_RNDW32_NOPERF to - GCRYPT_RNDW32_NOPERF. - -2016-06-14 Werner Koch - - cipher: Assign OIDs to the Serpent cipher. - + commit e13a6a1ba53127af602713d0c2aaa85c94b3cd7e - * cipher/serpent.c (serpent128_oids, serpent192_oids) - (serpent256_oids): New. Add them to the specs blow. - (serpent128_aliases): Add "SERPENT-128". - (serpent256_aliases, serpent192_aliases): New. - - cipher: Assign OIDs to the Serpent cipher. - + commit 6cc2100c00a65dff07b095dea7b32cb5c5cd96d4 - * cipher/serpent.c (serpent128_oids, serpent192_oids) - (serpent256_oids): New. Add them to the specs blow. - (serpent128_aliases): Add "SERPENT-128". - (serpent256_aliases, serpent192_aliases): New. - -2016-06-08 Werner Koch - - rsa: Implement blinding also for signing. - + commit 1f769e3e8442bae2f1f73c656920bb2df70153c0 - * cipher/rsa.c (rsa_decrypt): Factor blinding code out to ... - (secret_blinded): new. - (rsa_sign): Use blinding by default. - - random: Remove debug output for getrandom(2) output. 
- + commit 52cdfb1960808aaad48b5a501bbce0e3141c3961 - * random/rndlinux.c (_gcry_rndlinux_gather_random): Remove debug - output. - - Fix gcc portability on Solaris 9 SPARC boxes. - + commit b766ea14ad1c27d6160531b200cc70aaa479c6dc - * mpi/longlong.h: Use __sparcv8 as alias for __sparc_v8__. - -2016-06-08 Jérémie Courrèges-Anglas - - Check for compiler SSE4.1 support in PCLMUL CRC code. - + commit dc76313308c184c92eb78452b503405b90fc7ebd - * cipher/crc-intel-pclmul.c: Build PCLMUL CRC implementation only if - compiler supports PCLMUL *and* SSE4.1 - * cipher/crc.c: Ditto - * configure.ac (sse41support, gcry_cv_gcc_inline_asm_sse41): New. - -2016-06-08 NIIBE Yutaka - - ecc: Fix ecc_verify for cofactor support. - + commit bd39eb9fba47dc8500c83769a679cc8b683d6c6e - * cipher/ecc.c (ecc_verify): Fix the argument for cofactor "h". - -2016-06-08 Werner Koch - - random: Try to use getrandom() instead of /dev/urandom (Linux only). - + commit c05837211e5221d3f56146865e823bc20b4ff1ab - * configure.ac: Check for syscall. - * random/rndlinux.c [HAVE_SYSCALL]: Include sys/syscall.h. - (_gcry_rndlinux_gather_random): Use getrandom is available. - -2016-06-03 Werner Koch - - rsa: Implement blinding also for signing. - + commit ef6e4d004b10f5740bcd2125fb70e199dd21e3e8 - * cipher/rsa.c (rsa_decrypt): Factor blinding code out to ... - (secret_blinded): new. - (rsa_sign): Use blinding by default. - - random: Remove debug output for getrandom(2) output. - + commit 82df6c63a72fdd969c3923523f10d0cef5713ac7 - * random/rndlinux.c (_gcry_rndlinux_gather_random): Remove debug - output. - -2016-06-02 Werner Koch - - Fix gcc portability on Solaris 9 SPARC boxes. - + commit 4121f15122501d8946f1589b303d1f7949c15e30 - * mpi/longlong.h: Use __sparcv8 as alias for __sparc_v8__. - -2016-05-28 Jérémie Courrèges-Anglas - - Check for compiler SSE4.1 support in PCLMUL CRC code. 
- + commit 3e8074ecd3a534e8bd7f11cf17f0b22d252584c8 - * cipher/crc-intel-pclmul.c: Build PCLMUL CRC implementation only if - compiler supports PCLMUL *and* SSE4.1 - * cipher/crc.c: Ditto - * configure.ac (sse41support, gcry_cv_gcc_inline_asm_sse41): New. - -2016-05-06 NIIBE Yutaka - - ecc: Fix ecc_verify for cofactor support. - + commit c7430aa752232aa690c5d8f16575a345442ad8d7 - * cipher/ecc.c (ecc_verify): Fix the argument for cofactor "h". - -2016-04-26 Werner Koch - - random: Try to use getrandom() instead of /dev/urandom (Linux only). - + commit ee5a32226a7ca4ab067864e06623fc11a1768900 - * configure.ac: Check for syscall. - * random/rndlinux.c [HAVE_SYSCALL]: Include sys/syscall.h. - (_gcry_rndlinux_gather_random): Use getrandom is available. - -2016-04-19 Werner Koch - - asm fix for older gcc versions. - + commit caa9d14c914bf6116ec3f773a322a94e2be0c0fb - * cipher/crc-intel-pclmul.c: Remove extra trailing colon from - asm statements. - - asm fix for older gcc versions. - + commit 4545372c0f8dd35aef2a7abc12b588ed1a4a0363 - * cipher/crc-intel-pclmul.c: Remove extra trailing colon from - asm statements. - -2016-04-15 Werner Koch - - Release 1.7.0. - + commit 795f9cb090c776658a0e3117996e3fb7e2ebd94a - - -2016-04-14 Werner Koch - - tests: Add test vectors for 256 GiB test of SHA3-256. - + commit 1737c546dc7268fa9edcd4a23b7439c56d37ee4f - * tests/hashtest.c: Add new test vectros. - -2016-04-14 Justus Winter - - src: Improve S-expression parsing. - + commit 491586bc7f7b9edc6b78331a77e653543983c9e4 - * src/sexp.c (do_vsexp_sscan): Return an error if a closing - parenthesis is encountered with no matching opening parenthesis. - -2016-04-14 Werner Koch - - cipher: Add constant for 8 bit CFB mode. - + commit 47c6a1f88eb763e9baa394e34d873b761abcebbe - * src/gcrypt.h.in (GCRY_CIPHER_MODE_CFB8): New. - * tests/basic.c (check_cfb_cipher): Prepare for CFB-8 tests. - - tests: Add a new test for S-expressions. 
- + commit 88c6b98350193abbdcfb227754979b0c097ee09c - * tests/t-sexp.c (compare_to_canon): New. - (back_and_forth_one): Add another test. - -2016-04-13 NIIBE Yutaka - - ecc: Fix corner cases for X25519. - + commit 8472b71812e71c69d66e2fcc02a6e21b66755f8b - * cipher/ecc.c (ecc_encrypt_raw): For invalid input, returns - GPG_ERR_INV_DATA instead of aborting with log_fatal. For X25519, - it's not an error, thus, let it return 0. - (ecc_decrypt_raw): Use the flag PUBKEY_FLAG_DJB_TWEAK to distinguish - X25519, not by the name of the curve. - (ecc_decrypt_raw): For invalid input, returns GPG_ERR_INV_DATA instead - of aborting with log_fatal. For X25519, it's not an error by its - definition, but we deliberately let it return the error to detect - looks-like-encrypted-message. - * tests/t-cv25519.c: Add points to record the issue. - -2016-04-12 Werner Koch - - cipher: Buffer data from gcry_cipher_authenticate in OCB mode. - + commit b6d2a25a275a35ec4dbd53ecaa9ea0ed7aa99c7b - * cipher/cipher-internal.h (gcry_cipher_handle): Add fields - aad_leftover and aad_nleftover to u_mode.ocb. - * cipher/cipher-ocb.c (_gcry_cipher_ocb_set_nonce): Clear - aad_nleftover. - (_gcry_cipher_ocb_authenticate): Add buffering and facor some code out - to ... - (ocb_aad_finalize): new. - (compute_tag_if_needed): Call new function. - * tests/basic.c (check_ocb_cipher_splitaad): New. - (check_ocb_cipher): Call new function. - (main): Also call check_cipher_modes with --ciper-modes. - -2016-04-12 NIIBE Yutaka - - ecc: Fix X25519 computation on Curve25519. - + commit ee7e1a0e835f8ffcfbcba2a44abab8632db8fed5 - * cipher/ecc.c (ecc_encrypt_raw): Tweak of bits when - PUBKEY_FLAG_DJB_TWEAK is enabled. - (ecc_decrypt_raw): Return 0 when PUBKEY_FLAG_DJB_TWEAK is enabled. - * tests/t-cv25519.c (test_cv): Update by using gcry_pk_encrypt. - - ecc: Fix initialization of EC context. 
- + commit 7fbdb99b8c56360adfd1fb4e7f4c95e0f8aa34de - * cipher/ecc.c (test_ecdh_only_keys, ecc_generate) - (ecc_check_secret_key, ecc_encrypt_raw, ecc_decrypt_raw): Initialize - by _gcry_mpi_ec_p_internal_new should carry FLAGS. - -2016-04-06 Werner Koch - - Allow building with configure option --enable-hmac-binary-check. - + commit 65c63144b66392f40b991684789b8b793248e3ba - * src/Makefile.am (mpicalc_LDADD): Add DL_LIBS. - * src/fips.c (check_binary_integrity): Allow use of hmac256 output. - * src/hmac256.c (main): Add option --stdkey - -2016-04-06 NIIBE Yutaka - - ecc: Positive values in computation. - + commit 6f386ceae86a058e26294f744750f1ed2a95e604 - * cipher/ecc-curves.c (_gcry_ecc_fill_in_curve): Make sure - coefficients A and B are positive. - * cipher/ecc-eddsa.c (_gcry_ecc_eddsa_recover_x): For negation, do - "P - T" instead of "-T", so that the result will be positive. - (_gcry_ecc_eddsa_verify): Likewise. - * cipher/ecc.c (ecc_check_secret_key): Use _gcry_ecc_fill_in_curve - instead of _gcry_ecc_update_curve_param. - * mpi/ec.c (ec_subm): Make sure the result will be positive. - (dup_point_edwards, sub_points_edwards, _gcry_mpi_ec_curve_point): Use - mpi_sub instead of mpi_neg. - (add_points_edwards): Simply use ec_addm. - * tests/t-mpi-point.c (test_curve): Define curves with positive - coefficients. - -2016-04-01 Werner Koch - - mpi: Explicitly limit the allowed input length for gcry_mpi_scan. - + commit 862cf19a119427dd7ee7959a36c72d905f5ea5ca - * mpi/mpicoder.c (MAX_EXTERN_SCAN_BYTES): New. - (mpi_fromstr): Check against this limit. - (_gcry_mpi_scan): Ditto. - * tests/mpitests.c (test_maxsize): New. - (main): Cal that test. - -2016-03-31 Werner Koch - - cipher: Remove specialized rmd160 functions. - + commit fcce0cb6e8af70b134c6ecc3f56afa07a7d31f27 - * cipher/rmd160.c: Replace rmd.h by hash-common.h. - (RMD160_CONTEXT): Move from rmd.h to here. - (_gcry_rmd160_init): Remove. - (_gcry_rmd160_mixblock): Remove. 
- (_gcry_rmd160_hash_buffer): Use rmd160_init directly. - * cipher/md.c: Remove rmd.h which was not actually used. - * cipher/rmd.h: Remove. - * cipher/Makefile.am (libcipher_la_SOURCES): Remove rmd.h. - * configure.ac (USE_RMD160): Allow to build without RMD160. - - random: Replace RMD160 by SHA-1 for mixing the CSPRNG pool. - + commit a9cbe2d1f6a517a831517da8bc1d29e3e0b2c0c0 - * cipher/sha1.c (_gcry_sha1_mixblock_init): New. - (_gcry_sha1_mixblock): New. - * random/random-csprng.c: Include sha1.h instead of rmd.h. - (mix_pool): Use SHA-1 instead of RIPE-MD-160 for mixing. - - cipher: Move sha1 context definition to a separate file. - + commit 142a479a484cb4e84d0561be9b05b44dac9e6fe2 - * cipher/sha1.c: Replace hash-common.h by sha1.h. - (SHA1_CONTEXT): Move to ... - * cipher/sha1.h: new. Always include all flags. - * cipher/Makefile.am (libcipher_la_SOURCES): Add sha1.h. - -2016-03-29 Werner Koch - - tests: Fix buffer overflow in bench-slope. - + commit 48ee918400762281bec5b6fc218a9f0d119aac7c - * tests/bench-slope.c (bench_print_result_std): Remove wrong use of - strncat. - -2016-03-27 Jussi Kivilinna - - cipher: GCM: check that length of supplied tag is one of valid lengths. - + commit f2260e3a2e962ac80124ef938e54041bbea08561 - * cipher/cipher-gcm.c (is_tag_length_valid): New. - (_gcry_cipher_gcm_tag): Check that 'outbuflen' has valid tag length. - * tests/basic.c (_check_gcm_cipher): Add test-vectors with different - valid tag lengths and negative test vectors with invalid lengths. - -2016-03-24 Peter Wu - - cipher: Fix memleaks in (self)tests. - + commit 4a064e2a06fe737f344d1dfd8a45cc4c2abbe4c9 - * cipher/dsa.c: Release memory for MPI and sexp structures. - * cipher/ecc.c: Release memory for sexp structure. - * tests/keygen.c: Likewise. - - Mark constant MPIs as non-leaked. - + commit 470a30db241a2d567739ef2adb2a2ee64992d8b4 - * mpi/mpiutil.c: Mark "constant" MPIs as explicitly leaked. 
- -2016-03-23 Werner Koch - - Add new control GCRYCTL_GET_TAGLEN for use with gcry_cipher_info. - + commit fea5971488e049f902d7912df22a945bc755ad6d - * src/gcrypt.h.in (GCRYCTL_GET_TAGLEN): New. - * cipher/cipher.c (_gcry_cipher_info): Add GCRYCTL_GET_TAGLEN feature. - - * tests/basic.c (_check_gcm_cipher): Check that new feature. - (_check_poly1305_cipher): Ditto. - (check_ccm_cipher): Ditto. - (do_check_ocb_cipher): Ditto. - (check_ctr_cipher): Add negative test for new feature. - - cipher: Avoid NULL-segv in GCM mode if a key has not been set. - + commit e709d86fe596a4bcf235799468947c13ae657d78 - * cipher/cipher-gcm.c (_gcry_cipher_gcm_encrypt): Check that GHASH_FN - has been initialized. - (_gcry_cipher_gcm_decrypt): Ditto. - (_gcry_cipher_gcm_authenticate): Ditto. - (_gcry_cipher_gcm_initiv): Ditto. - (_gcry_cipher_gcm_tag): Ditto. - - cipher: Check length of supplied tag in _gcry_cipher_poly1305_check_tag. - + commit 7c9c82feecf94a455c66d9c38576f36c9c4b484c - * cipher/cipher-poly1305.c (_gcry_cipher_poly1305_tag): Check that the - provided tag length matches the actual tag length. - -2016-03-23 Peter Wu - - Fix buffer overrun in gettag for Poly1305. - + commit 6821e1bd94969106a70e3de17b86f6e6181f4e59 - * cipher/cipher-poly1305.c: copy a fixed length instead of the - user-supplied number. - -2016-03-23 Werner Koch - - cipher: Check length of supplied tag in _gcry_cipher_gcm_check_tag. - + commit 15785bc9fb1787554bf371945ecb191830c15bfd - * cipher/cipher-gcm.c (_gcry_cipher_gcm_tag): Check that the provided - tag length matches the actual tag length. Avoid gratuitous return - statements. - -2016-03-23 Peter Wu - - Fix buffer overrun in gettag for GCM. - + commit d3d7bdf8215275b3b20690dfde3f43dbe25b6f85 - * cipher/cipher-gcm.c: copy a fixed length instead of the user-supplied - number. - -2016-03-22 Werner Koch - - tests: Add options --fips to keygen for manual tests. - + commit d328095dd4de83b839d9d8c4bdbeec0956971016 - (main): Add option --fips. 
- * tests/keygen.c (check_rsa_keys): Create an 2048 bit key with e=65539 - because that is valid in FIPS mode. Check that key generation fails - for too short keys in FIPS mode. - (check_ecc_keys): Check that key generation fails for Ed25519 keys in - FIPS mode. - -2016-03-22 Tomáš Mráz - - rsa: Add FIPS 186-4 compliant RSA probable prime key generator. - + commit 5f9b3c2e220ca6d0eaff32324a973ef67933a844 - * cipher/primegen.c (_gcry_fips186_4_prime_check): New. - * cipher/rsa.c (generate_fips): New. - (rsa_generate): Use new function in fips mode or with test-parms. - - * tests/keygen.c (check_rsa_keys): Add test using e=65539. - -2016-03-20 Jussi Kivilinna - - Fix ARM NEON support detection on ARMv6 target. - + commit 583919d70763671ed9feeaa14e1f66379aff88cc - * configure.ac (gcry_cv_gcc_inline_asm_neon): Use '.arm' directive - instead of '.thumb'. - -2016-03-18 Werner Koch - - Always require a 64 bit integer type. - + commit 897ccd21b7221982806b5c024518f4e989152f14 - * configure.ac (available_digests_64): Merge with available_digests. - (available_kdfs_64): Merge with available_kdfs. - <64 bit datatype test>: Bail out if no such type is available. - * src/types.h: Emit #error if no u64 can be defined. - (PROPERLY_ALIGNED_TYPE): Always add u64 type. - * cipher/bithelp.h: Remove all code paths which handle the - case of !HAVE_U64_TYPEDEF. - * cipher/bufhelp.h: Ditto. - * cipher/cipher-ccm.c: Ditto. - * cipher/cipher-gcm.c: Ditto. - * cipher/cipher-internal.h: Ditto. - * cipher/cipher.c: Ditto. - * cipher/hash-common.h: Ditto. - * cipher/md.c: Ditto. - * cipher/poly1305.c: Ditto. - * cipher/scrypt.c: Ditto. - * cipher/tiger.c: Ditto. - * src/g10lib.h: Ditto. - * tests/basic.c: Ditto. - * tests/bench-slope.c: Ditto. - * tests/benchmark.c: Ditto. - -2016-03-18 Vitezslav Cizek - - tests: Fix testsuite after the FIPS adjustments. - + commit 9ecc2690181ba0bb44f66451a7dce2fc19965793 - * tests/benchmark.c (ecc_bench): Avoid not approved curves in FIPS. 
- * tests/curves.c (check_get_params): Skip Brainpool curves in FIPS. - * tests/keygen.c (check_dsa_keys): Generate 2048 and 3072 bits keys. - (check_ecc_keys): Skip Ed25519 in FIPS mode. - * tests/random.c (main): Don't switch DRBG in FIPS mode. - * tests/t-ed25519.c (main): Ed25519 isn't supported in FIPS mode. - * tests/t-kdf.c (check_openpgp): Skip vectors using md5 in FIPS. - * tests/t-mpi-point.c (context_param): Skip P-192 and Ed25519 in FIPS. - (main): Skip math tests that use P-192 and Ed25519 in FIPS. - - tests: Add new --pss option to fipsdrv. - + commit 1a02d741cacc3b57fe3d6ffebd794d53a60c9e97 - * tests/fipsdrv.c (run_rsa_sign, run_rsa_verify): Set salt-length - to 0 for PSS. - - cipher: Add option to specify salt length for PSS verification. - + commit 0bd8137e68c201b6c2290710e348aaf57efa2b2e - * cipher/pubkey-util.c (_gcry_pk_util_data_to_mpi): Check for - salt-length token. - - tests: Add support for RSA keygen tests to fipsdrv. - + commit 2e139456369a834cf87d983da4f61241fda76efe - * tests/fipsdrv.c (run_rsa_keygen): New. - (main): Support RSA keygen and RSA keygen KAT tests. - - tests: Fixes for RSA testsuite in FIPS mode. - + commit c690230af5a66b809f8f6fbab1a6262a5ba078cb - * tests/basic.c (get_keys_new): Generate 2048 bit key. - * tests/benchmark.c (rsa_bench): Skip keys of lengths different - than 2048 and 3072 in FIPS mode. - * tests/keygen.c (check_rsa_keys): Failure if short keys can be - generated in FIPS mode. - (check_dsa_keys): Ditto for DSA keys. - * tests/pubkey.c (check_x931_derived_key): Skip keys < 2048 in FIPS. - - rsa: Use 2048 bit RSA keys for selftest. - + commit 78cec8b4754fdf774edb2d575000cb3e972e244c - * cipher/rsa.c (selftests_rsa): Use 2048 bit keys. - (selftest_encr_1024): Replaced by selftest_encr_2048. - (selftest_sign_1024): Replaced by selftest_sign_2048. - (selftest_encr_2048): Add check against known ciphertext. - (selftest_sign_2048): Add check against known signature. - (selftest_sign_2048): Free SIG_MPI. 
- * tests/pubkey.c (get_keys_new): Generate 2048 bit keys. - - Disable non-allowed algorithms in FIPS mode. - + commit ce1cbe16992a7340edcf8e6576973e3508267640 - * cipher/cipher.c (_gcry_cipher_init), - * cipher/mac.c (_gcry_mac_init), - * cipher/md.c (_gcry_md_init), - * cipher/pubkey.c (_gcry_pk_init): In the FIPS mode, disable all the - non-allowed ciphers. - * cipher/md5.c: Mark MD5 as not allowed in FIPS. - * src/g10lib.h (_gcry_mac_init): New. - * src/global.c (global_init): Call the new _gcry_mac_init. - * tests/basic.c (check_ciphers): Fix a typo. - -2016-03-18 Werner Koch - - kdf: Make PBKDF2 check work on all platforms. - + commit c478cf175887c84dc071c4f73a7667603b354789 - * cipher/kdf.c (_gcry_kdf_pkdf2): Chnage DKLEN to unsigned long. - -2016-03-18 Vitezslav Cizek - - kdf: Add upper bound for derived key length in PBKDF2. - + commit 0f741b0704bac5c0e2d2a0c2b34b44b35baa76d6 - * cipher/kdf.c (_gcry_kdf_pkdf2): limit dkLen. - - ecc: ECDSA adjustments for FIPS 186-4. - + commit a242e3d9185e6e2dc13902ea9331131755bbba01 - * cipher/ecc-curves.c: Unmark curve P-192 for FIPS. - * cipher/ecc.c: Add ECDSA self test. - * cipher/pubkey-util.c (_gcry_pk_util_init_encoding_ctx): Use SHA-2 - in FIPS mode. - * tests/fipsdrv.c: Add support for ECDSA signatures. - -2016-03-18 Werner Koch - - dsa: Make regression tests work. - + commit e40939b2141306238cc30a340b867b60fa4dc2a3 - * cipher/dsa.c (sample_secret_key_1024): Comment out unused constant. - (ogenerate_fips186): Make it work with use-fips183-2 flag. - * cipher/primegen.c (_gcry_generate_fips186_3_prime): Use Emacs - standard comment out format. - * tests/fips186-dsa.c (check_dsa_gen_186_3): New dummy fucntion. - (main): Call it. - (main): Compare against current version. - * tests/pubkey.c (get_dsa_key_fips186_new): Create 2048 bit key. - (get_dsa_key_fips186_with_seed_new): Ditto. - (get_dsa_key_fips186_with_domain_new): Comment out. - (check_run): Do not call that function. 
- -2016-03-18 Vitezslav Cizek - - dsa: Adjustments to conform with FIPS 186-4. - + commit 80e9f95e6f419daa765e4876c858e3e36e808897 - * cipher/dsa.c (generate_fips186): FIPS 186-4 adjustments. - * cipher/primegen.c (_gcry_generate_fips186_3_prime): Fix incorrect - buflen passed to _gcry_mpi_scan. - -2016-03-16 Justus Winter - - Update documentation for 'gcry_sexp_extract_param'. - + commit 4051fe7fec6ffdc7a2f5c3856665478866991ee7 - * doc/gcrypt.texi (gcry_sexp_extract_param): Mention that all MIPs - must be set to NULL first, and document how the function behaves in - case of errors. - * src/sexp.c (_gcry_sexp_extract_param): Likewise. - * src/gcrypt.h.in (gcry_sexp_extract_param): Copy the comment from - '_gcry_sexp_extract_param'. - - cipher: Update comment. - + commit fcf4358a7a7ba8d32bf385ea99ced5f47cbd3ae2 - * cipher/ecc.c (ecc_get_nbits): Update comment to reflect the fact - that a curve parameter can be given. - -2016-03-12 Jussi Kivilinna - - Add Intel PCLMUL implementations of CRC algorithms. - + commit 5d601dd57fcb41aa2015ab655fd6fc51537da667 - * cipher/Makefile.am: Add 'crc-intel-pclmul.c'. - * cipher/crc-intel-pclmul.c: New. - * cipher/crc.c (USE_INTEL_PCLMUL): New macro. - (CRC_CONTEXT) [USE_INTEL_PCLMUL]: Add 'use_pclmul'. - [USE_INTEL_PCLMUL] (_gcry_crc32_intel_pclmul) - (gcry_crc24rfc2440_intel_pclmul): New. - (crc32_init, crc32rfc1510_init, crc24rfc2440_init) - [USE_INTEL_PCLMUL]: Select PCLMUL implementation if SSE4.1 and PCLMUL - HW features detected. - (crc32_write, crc24rfc2440_write) [USE_INTEL_PCLMUL]: Use PCLMUL - implementation if enabled. - (crc24_init): Document storage format of 24-bit CRC. - (crc24_next4): Use only 'data' for last table look-up. - * configure.ac: Add 'crc-intel-pclmul.lo'. - * src/g10lib.h (HWF_*, HWF_INTEL_SSE4_1): Update HWF flags to include - Intel SSE4.1. - * src/hwf-x86.c (detect_x86_gnuc): Add SSE4.1 detection. - * src/hwfeatures.c (hwflist): Add 'intel-sse4.1'. - * tests/basic.c (fillbuf_count): New. 
- (check_one_md): Add "?" check (million byte data-set with byte pattern - 0x00,0x01,0x02,...); Test all buffer sizes 1 to 1000, for "!" and "?" - checks. - (check_one_md_multi): Skip "?". - (check_digests): Add "?" test-vectors for MD5, SHA1, SHA224, SHA256, - SHA384, SHA512, SHA3_224, SHA3_256, SHA3_384, SHA3_512, RIPEMD160, - CRC32, CRC32_RFC1510, CRC24_RFC2440, TIGER1 and WHIRLPOOL; Add "!" - test-vectors for CRC32_RFC1510 and CRC24_RFC2440. - -2016-02-25 NIIBE Yutaka - - mpi: Normalize EXPO for mpi_powm. - + commit fdfa5bfefdde316688a3c8021bd3528c5273b0f4 - * mpi/mpi-pow.c (gcry_mpi_powm): Normalize EP. - -2016-02-22 Andreas Metzler - - Do not ship generated header file in tarball. - + commit 2b40a16333fa75f1cee85ab901a5aa9cff845a92 - * src/Makefile.am: Move gcrypt.h from include_HEADERS to - nodist_include_HEADERS to prevent inclusion in release tarball. - This could break out-of-tree-builds because the potentially outdated - src/gcrypt.h was not updated but was in the compiler search path. - -2016-02-20 Jussi Kivilinna - - Fix building random-drbg for Win32/64. - + commit 531b25aa94c58f6d2168a9537c8cea6c53d7bbe0 - * random/random-drbg.c: Remove include for sys/types.h and asm/types.h. - (DRBG_PREDICTION_RESIST, DRBG_CTRAES, DRBG_CTRSERPENT, DRBG_CTRTWOFISH) - (DRBG_HASHSHA1, DRBG_HASHSHA224, DRBG_HASHSHA256, DRBG_HASHSHA384) - (DRBG_HASHSHA512, DRBG_HMAC, DRBG_SYM128, DRBG_SYM192) - (DRBG_SYM256): Change 'u_int32_t' to 'u32'. - (drbg_get_entropy) [USE_RNDUNIX, USE_RNDW32]: Fix parameters - 'drbg_read_cb' and 'len'. - -2016-02-20 Werner Koch - - tests: Do not test DRBG_REINIT from "make check" - + commit 839d12c221430b60db5e0d6fbb107f22e0a6837f - * tests/random.c (main): Run check_drbg_reinit only if the envvar - GCRYPT_IN_REGRESSION_TEST is set. - - doc: Fix possible dependency problem. - + commit 3b57e5a1ba68e26dcaea38b763287fddba9b6b7c - * doc/Makefile.am (gcrypt.texi): Use the right traget. - -2016-02-19 Stephan Mueller - - random: Remove ANSI X9.31 DRNG. 
- + commit e9b692d25d1c149b5417b70e18f2ce173bc25b6d - * random-fips.c: Remove. - -2016-02-19 Werner Koch - - random: Add a test case for DRBG_REINIT. - + commit 934ba2ae5a95a96fdbb3b935b51ba43df66f11df - * src/global.c (_gcry_vcontrol) : Test for FIPS RNG. - * tests/random.c (check_drbg_reinit): New. - (main): Call new test. - - random: Allow DRBG_REINIT before initialization. - + commit 7cdbd6e6a3cf1ee366b981e148d41b1187a6fdcf - * random/random-drbg.c (DRBG_DEFAULT_TYPE): New. - (_drbg_init_internal): Set the default type if no type has been set - before. - (_gcry_rngdrbg_inititialize): Pass 0 for flags to use the default. - - Add new private header gcrypt-testapi.h. - + commit 744b030cff61fd25114b0b25394c62782c153343 - * src/gcrypt-testapi.h: New. - * src/Makefile.am (libgcrypt_la_SOURCES): Add new file. - * random/random.h: Include gcrypt-testapi.h. - (struct gcry_drbg_test_vector) : Move to gcrypt-testapi.h. - * src/global.c: Include gcrypt-testapi.h. - (_gcry_vcontrol): Use PRIV_CTL_* constants instead of 58, 59, 60, 61. - * cipher/cipher.c: Include gcrypt-testapi.h. - (_gcry_cipher_ctl): Use PRIV_CIPHERCTL_ constants instead of 61, 62. - * tests/fipsdrv.c: Include gcrypt-testapi.h. Remove definition of - PRIV_CTL_ constants and replace their use by the new PRIV_CIPHERCTL_ - constants. - * tests/t-lock.c: Include gcrypt-testapi.h. Remove - PRIV_CTL_EXTERNAL_LOCK_TEST and EXTERNAL_LOCK_TEST_ constants. - - * random/random-drbg.c (gcry_rngdrbg_cavs_test): Rename to ... - (_gcry_rngdrbg_cavs_test): this. - (gcry_rngdrbg_healthcheck_one): Rename to ... - (_gcry_rngdrbg_healthcheck_one): this. - - random: Make the DRBG C-90 clean and use a flag string. - + commit 95f1db3affb9f5b8a2c814c211d4a02b30446c15 - * random/random.h (struct gcry_drbg_test_vector): Rename "flags" to - "flagstr" and turn it into a string. - * random/random-drbg.c (drbg_test_pr, drbg_test_nopr): Replace use of - designated initializers. Use a string for the flags. 
- (gcry_rngdrbg_cavs_test): Parse the flag string into a flag value. - (drbg_healthcheck_sanity): Ditto. - - random: Symbol name cleanup for random-drbg.c. - + commit 85ed07790552297586258e8fe09b546eee357a8b - * random/random-drbg.c: Rename all static objects and macros from - "gcry_drbg" to "drbg". - (drbg_string_t): New typedef. - (drbg_gen_t): New typedef. - (drbg_state_t): New typedef. Replace all "struct drbg_state_s *" by - this. - (_drbg_init_internal): Replace xcalloc_secure by xtrycalloc_secure so - that an error if actually returned. - (gcry_rngdrbg_cavs_test): Ditto. - (gcry_drbg_healthcheck_sanity): Ditto. - - random: Use our symbol name pattern also for drbg functions. - + commit 7cf3c929331133e4381dbceac53d3addd921c929 - * random/random-drbg.c: Rename global functions from _gcry_drbg_* - to _gcry_rngdrbg_*. - * random/random.c: Adjust for this change. - * src/global.c: Ditto. - - random: Rename drbg.c to random-drbg.c. - + commit e49b3f2c10e012509b5930c0df4d6df378d3b9f4 - * random/drbg.c: Rename to ... - * random/random-drbg.c: this. - * random/Makefile.am (librandom_la_SOURCES): Adjust accordingly. - - random: Remove the new API introduced by the new DRBG. - + commit dfac2b13d0068b2b1b420d77e9771a49964b81c1 - * src/gcrypt.h.in (struct gcry_drbg_gen): Move to random/drbg.c. - (struct gcry_drbg_string): Ditto. - (gcry_drbg_string_fill): Ditto. - (gcry_randomize_drbg): Remove. - * random/drbg.c (parse_flag_string): New. - (_gcry_drbg_reinit): Change the way the arguments are passed. - * src/global.c (_gcry_vcontrol) : Change calling - convention. - - Add helper function _gcry_strtokenize. - + commit 4e134b6e77f558730ec1eceb6b816b0bcfd845e9 - * src/misc.c (_gcry_strtokenize): New. - -2016-02-18 Werner Koch - - random: Remove DRBG constants from the public API. - + commit fd13372fa9069d3a72947ea59c57e33637c936bf - * src/gcrypt.h.in (GCRY_DRBG_): Remove all new flags to ... - * random/drbg.c: here. 
- -2016-02-18 Stephan Mueller - - random: Add SP800-90A DRBG. - + commit ed57fed6de1465e02ec5e3bc0affeabdd35e2eb7 - * random/drbg.c: New. - * random/random.c (_gcry_random_initialize): Replace rngfips init by - drbg init. - (__gcry_random_close_fds): Likewise. - (_gcry_random_dump_stats): Likewise. - (_gcry_random_is_faked): Likewise. - (do_randomize): Likewise. - (_gcry_random_selftest): Likewise. - (_gcry_create_nonce): Replace rngfips_create_noce by drbg_randomize. - (_gcry_random_init_external_test): Remove. - (_gcry_random_run_external_test): Remove. - (_gcry_random_deinit_external_test): Remove. - * random/random.h (struct gcry_drbg_test_vector): New. - * src/gcrypt.h.in (struct gcry_drbg_gen): New. - (struct gcry_drbg_string): New. - (gcry_drbg_string_fill): New. - (gcry_randomize_drbg): New. - (GCRY_DRBG_): Lots of new macros. - * src/global.c (_gcry_vcontrol) : Turn into - a nop. - (_gcry_vcontrol) : Ditto. - (_gcry_vcontrol) : Change. - (_gcry_vcontrol) : New. - -2016-02-13 Jussi Kivilinna - - bufhelp: disable unaligned memory accesses on powerpc. - + commit 1da793d089b65ac8c1ead65dacb6b8699f5b6e69 - * cipher/bufhelp.h (BUFHELP_FAST_UNALIGNED_ACCESS): Disable for - __powerpc__ and __powerpc64__. - -2016-02-12 NIIBE Yutaka - - ecc: Not validate input point for Curve25519. - + commit 7a019bc7ecdbdfdef51094e090ce95e062da9b64 - * cipher/ecc.c (ecc_decrypt_raw): Curve25519 is an exception. - -2016-02-10 NIIBE Yutaka - - ecc: Fix memory leaks on error. - + commit b12dd550fd6af687ef95c584d0d8366c34965cc8 - * cipher/ecc.c (ecc_decrypt_raw): Go to leave to release memory. - * mpi/ec.c (_gcry_mpi_ec_curve_point): Likewise. - -2016-02-09 NIIBE Yutaka - - ecc: input validation on ECDH. - + commit 23b72901f8a5ba9a78485b235c7a917fbc8faae0 - * cipher/ecc.c (ecc_decrypt_raw): Validate the point. - -2016-02-08 Jussi Kivilinna - - Add ARM assembly implementation of SHA-512. - + commit 8353884bc65c820d5bcacaf1ac23cdee72091a09 - * cipher/Makefile.am: Add 'sha512-arm.S'. 
- * cipher/sha512-arm.S: New. - * cipher/sha512.c (USE_ARM_ASM): New. - (_gcry_sha512_transform_arm): New. - (transform) [USE_ARM_ASM]: Use ARM assembly implementation instead of - generic. - * configure.ac: Add 'sha512-arm.lo'. - -2016-02-03 NIIBE Yutaka - - tests: Add a test for Curve25519. - + commit b8b3361504950689ef1e779fb3357cecf8a9f739 - * tests/Makefile.am (tests_bin): Add t-cv25519. - * tests/t-cv25519.c: New. - -2016-02-02 NIIBE Yutaka - - ecc: Fix Curve25519 for data by older implementation. - + commit 6cb6df9dddac6ad246002b83c2ce0aaa0ecf30e5 - * cipher/ecc-misc.c (gcry_ecc_mont_decodepoint): Fix code path for - short length data. - - ecc: more fix of Curve25519. - + commit 48ba5a50066611ecacea850ced13f5cb66097a81 - * cipher/ecc-misc.c (gcry_ecc_mont_decodepoint): Fix removing of - prefix. Clear the MSB, according to RFC7748. - - ecc: Fix ECDH of Curve25519. - + commit a2f9afcd7fcdafd5951498b07f34957f9766dce9 - * cipher/ecc-misc.c (_gcry_ecc_mont_decodepoint): Fix calc of NBITS - and prefix detection. - * cipher/ecc.c (ecc_generate): Use NBITS instead of CTX->NBITS. - (ecc_encrypt_raw): Use NBITS from curve instead of from P. - Fix rawmpilen calculation. - (ecc_decrypt_raw): Likewise. Add debug output. - -2016-01-29 Jussi Kivilinna - - Improve performance of generic SHA256 implementation. - + commit f3e51161036382429c3491c7c881f36c0a653c7b - * cipher/sha256.c (R): Let caller do variable shuffling. - (Chro, Maj, Sum0, Sum1): Convert from inline functions to macros. - (W, I): New. - (transform_blk): Unroll round loop; inline message expansion to rounds - to make message expansion buffer smaller. - -2016-01-28 Werner Koch - - ecc: New API function gcry_mpi_ec_decode_point. - + commit 2cf2ca7bb9741ac86e8aa92d8f03b1c5f5938897 - * mpi/ec.c (_gcry_mpi_ec_decode_point): New. - * cipher/ecc-common.h: Move two prototypes to ... - * src/ec-context.h: here. - * src/gcrypt.h.in (gcry_mpi_ec_decode_point): New. - * src/libgcrypt.def (gcry_mpi_ec_decode_point): New. 
- * src/libgcrypt.vers (gcry_mpi_ec_decode_point): New. - * src/visibility.c (gcry_mpi_ec_decode_point): New. - * src/visibility.h: Add new function. - -2016-01-15 Werner Koch - - Fix build problem for rndegd.c. - + commit 191c2e4fe2dc0e00f61aa44e011a9596887e6ce1 - * Makefile.am (DISTCHECK_CONFIGURE_FLAGS): Test all RND modules. - * random/rndegd.c (_gcry_rndegd_connect_socket) - (my_make_filename): Use functions with '_' prefix. - - random: Fix possible AIX problem with sysconf in rndunix. - + commit 6303b0e83856ee89374b447e710f0ab2af61caec - * random/rndunix.c [HAVE_STDINT_H]: Include stdint.h. - (start_gatherer): Detect misbehaving sysconf. - -2015-12-27 Werner Koch - - random: Take at max 25% from RDRAND. - + commit 5a78e7f15e0dd96a8bf64e2bb142880bf8ea6965 - * random/rndlinux.c (_gcry_rndlinux_gather_random): Change use of - RDRAND from 50% to 25%. - -2015-12-07 Justus Winter - - cipher: Improve error handling. - + commit b9c02fbeb7efb7d0593b33485fb30c298291cf80 - * cipher/ecc.c (ecc_decrypt_raw): Improve error handling. - - cipher: Initialize 'flags'. - + commit ca06cd7f77acb317c2649c58918908f043dfe6bd - * cipher/ecc.c (ecc_encrypt_raw): Initialize 'flags' to 0. - -2015-12-05 NIIBE Yutaka - - ecc: CHANGE point representation of Curve25519. - + commit dd3d06e7f113cf7608f060ceb043262efd0b0c9d - * cipher/ecc-misc.c (_gcry_ecc_mont_decodepoint): Decode point with - the prefix 0x40, additional 0x00 by MPI handling, and shorter octets - by MPI normalization. - * cipher/ecc.c (ecc_generate, ecc_encrypt_raw, ecc_decrypt_raw): - Always add the prefix 0x40. - -2015-12-03 Jussi Kivilinna - - chacha20: fix alignment of self-test context. - + commit 6fadbcd088e2af3e48407b95d8d0c2a8b7ad6c38 - * cipher/chacha20.c (selftest): Ensure 16-byte alignment for chacha20 - context structure. - - salsa20: fix alignment of self-test context. - + commit 2cba0dbda462237f55438d4199eccd10c5e3f6ca - * cipher/salsa20.c (selftest): Ensure 16-byte alignment for salsa20 - context structure. 
- -2015-12-02 Justus Winter - - random: Drop fake entropy gathering function. - + commit d421ac283ec46d0ecaf6278ba4c24843f65fb2fa - * random/random-csprng.c (faked_rng): Drop variable. - (gather_faked): Drop prototype and function. - (initialize): Drop fallback code. - (_gcry_rngcsprng_is_faked): Change accordingly. - - random: Fix selection of entropy gathering function. - + commit 468a5796ffb1a7776db4004d534376c1b981d740 - * random/random-csprng.c (getfnc_gather_random): Do return NULL if no - usable entropy gathering function is found. The callsite then - installs the fake gather function. - -2015-11-26 NIIBE Yutaka - - ecc: minor improvement of point multiplication. - + commit 3658afd09c3b03b4398aaa5748387220c93b1a94 - * mpi/ec.c (_gcry_mpi_ec_mul_point): Move ec_subm out of the loop. - -2015-11-25 NIIBE Yutaka - - ecc: Constant-time multiplication for Weierstrass curve. - + commit 88e1358962e902ff1cbec8d53ba3eee46407851a - * mpi/ec.c (_gcry_mpi_ec_mul_point): Use simple left-to-right binary - method for Weierstrass curve when SCALAR is secure. - - mpi: fix gcry_mpi_swap_cond. - + commit f88adee3e1f3e2de7d63f92f90bfb3078afd3b4f - * mpi/mpiutil.c (_gcry_mpi_swap_cond): Relax the condition. - - mpi: Fix mpi_set_cond and mpi_swap_cond . - + commit 8ad682c412047d3b9196950709dbd7bd14ac8732 - * mpi/mpiutil.c (_gcry_mpi_set_cond, _gcry_mpi_swap_cond): Don't use - the operator of !!, but assume SET/SWAP is 0 or 1. - - ecc: multiplication of Edwards curve to be constant-time. - + commit 295b1c3540752af4fc5e6f41480e6db215222fba - * mpi/ec.c (_gcry_mpi_ec_mul_point): Use point_swap_cond. - - ecc: Add point_resize and point_swap_cond. - + commit b6015176df6bfae107ac82f9baa29ef2c175c9f9 - * mpi/ec.c (point_resize, point_swap_cond): New. - (_gcry_mpi_ec_mul_point): Use point_resize and point_swap_cond. - -2015-11-18 Justus Winter - - cipher: Fix error handling. - + commit 940dc8adc034a6c6c38742f6bfd7d837a532d537 - * cipher/cipher.c (_gcry_cipher_ctl): Fix error handling. 
- -2015-11-18 Jussi Kivilinna - - Tweak Keccak for small speed-up. - + commit 6571a64331839d7d952292163afbf34c8bef62e0 - * cipher/keccak_permute_32.h (KECCAK_F1600_PERMUTE_FUNC_NAME): Track - rounds with round constant pointer instead of separate round counter. - * cipher/keccak_permute_64.h (KECCAK_F1600_PERMUTE_FUNC_NAME): Ditto. - (KECCAK_F1600_ABSORB_FUNC_NAME): Tweak lanes pointer increment for bulk - absorb loops. - - Update license information for CRC. - + commit 15ea0acf8bb0aa307eccc23024a0bd7878fb8080 - * LICENSES: Remove 'Simple permissive' and 'IETF permissive' licenses - for 'cipher/crc.c' as result of rewrite of CRC implementations. - -2015-11-17 Justus Winter - - Fix typos found using codespell. - + commit 0e395944b70c7a92a6437f6bcc14f287c19ce9de - * cipher/cipher-ocb.c: Fix typos. - * cipher/des.c: Likewise. - * cipher/dsa-common.c: Likewise. - * cipher/ecc.c: Likewise. - * cipher/pubkey.c: Likewise. - * cipher/rsa-common.c: Likewise. - * cipher/scrypt.c: Likewise. - * random/random-csprng.c: Likewise. - * random/random-fips.c: Likewise. - * random/rndw32.c: Likewise. - * src/cipher-proto.h: Likewise. - * src/context.c: Likewise. - * src/fips.c: Likewise. - * src/gcrypt.h.in: Likewise. - * src/global.c: Likewise. - * src/sexp.c: Likewise. - * tests/mpitests.c: Likewise. - * tests/t-lock.c: Likewise. - -2015-11-01 Jussi Kivilinna - - Improve performance of Tiger hash algorithms. - + commit 89fa74d6b3e58cd4fcd6e0939a35e46cbaca2ea0 - * cipher/tiger.c (tiger_round, pass, key_schedule): Convert functions - to macros. - (transform_blk): Pass variable names instead of pointers to 'pass'. - - Add ARMv7/NEON implementation of Keccak. - + commit a1cc7bb15473a2419b24ecac765ae0ce5989a13b - * cipher/Makefile.am: Add 'keccak-armv7-neon.S'. - * cipher/keccak-armv7-neon.S: New. - * cipher/keccak.c (USE_64BIT_ARM_NEON): New. - (NEED_COMMON64): Select if USE_64BIT_ARM_NEON. - [NEED_COMMON64] (round_consts_64bit): Rename to... 
- [NEED_COMMON64] (_gcry_keccak_round_consts_64bit): ...this; Add - terminator at end. - [USE_64BIT_ARM_NEON] (_gcry_keccak_permute_armv7_neon) - (_gcry_keccak_absorb_lanes64_armv7_neon, keccak_permute64_armv7_neon) - (keccak_absorb_lanes64_armv7_neon, keccak_armv7_neon_64_ops): New. - (keccak_init) [USE_64BIT_ARM_NEON]: Select ARM/NEON implementation - if supported by HW. - * cipher/keccak_permute_64.h (KECCAK_F1600_PERMUTE_FUNC_NAME): Update - to use new round constant table. - * configure.ac: Add 'keccak-armv7-neon.lo'. - - Optimize Keccak 64-bit absorb functions. - + commit 2857cb89c6dc1c02266600bc1fd2967a3cd5cf88 - * cipher/keccak.c [USE_64BIT] [__x86_64__] (absorb_lanes64_8) - (absorb_lanes64_4, absorb_lanes64_2, absorb_lanes64_1): New. - * cipher/keccak.c [USE_64BIT] [!__x86_64__] (absorb_lanes64_8) - (absorb_lanes64_4, absorb_lanes64_2, absorb_lanes64_1): New. - [USE_64BIT] (KECCAK_F1600_ABSORB_FUNC_NAME): New. - [USE_64BIT] (keccak_absorb_lanes64): Remove. - [USE_64BIT_SHLD] (KECCAK_F1600_ABSORB_FUNC_NAME): New. - [USE_64BIT_SHLD] (keccak_absorb_lanes64_shld): Remove. - [USE_64BIT_BMI2] (KECCAK_F1600_ABSORB_FUNC_NAME): New. - [USE_64BIT_BMI2] (keccak_absorb_lanes64_bmi2): Remove. - * cipher/keccak_permute_64.h (KECCAK_F1600_ABSORB_FUNC_NAME): New. - -2015-10-31 Jussi Kivilinna - - Enable CRC test vectors with zero bytes. - + commit 07e4839e75a7bca3a6c0a94aecfe75efe61d7ff2 - * tests/basic.c (check_digests): Enable CRC test-vectors with zero - bytes. - - Keccak: Add SHAKE Extendable-Output Functions. - + commit c0b9eee2d93a13930244f9ce0c14ed6b4aeb6c29 - * src/hash-common.c (_gcry_hash_selftest_check_one): Add handling for - XOFs. - * src/keccak.c (keccak_ops_t): Rename 'extract_inplace' to 'extract' - and add 'pos' argument. - (KECCAK_CONTEXT): Add 'suffix'. - (keccak_extract_inplace64): Rename to... - (keccak_extract64): ...this; Add handling for 'pos' argument. - (keccak_extract_inplace32bi): Rename to... 
- (keccak_extract32bi): ...this; Add handling for 'pos' argument. - (keccak_extract_inplace64): Rename to... - (keccak_extract64): ...this; Add handling for 'pos' argument. - (keccak_extract_inplace32bi_bmi2): Rename to... - (keccak_extract32bi_bmi2): ...this; Add handling for 'pos' argument. - (keccak_init): Setup 'suffix'; add SHAKE128 & SHAKE256. - (shake128_init, shake256_init): New. - (keccak_final): Do not initial permute for SHAKE output; use correct - suffix for SHAKE. - (keccak_extract): New. - (keccak_selftests_keccak): Add SHAKE128 & SHAKE256 test-vectors. - (run_selftests): Add SHAKE128 & SHAKE256. - (shake128_asn, oid_spec_shake128, shake256_asn, oid_spec_shake256) - (_gcry_digest_spec_shake128, _gcry_digest_spec_shake256): New. - * cipher/md.c (digest_list): Add SHAKE128 & SHAKE256. - * doc/gcrypt.texi: Ditto. - * src/cipher.h (_gcry_digest_spec_shake128) - (_gcry_digest_spec_shake256): New. - * src/gcrypt.h.in (GCRY_MD_SHAKE128, GCRY_MD_SHAKE256): New. - * tests/basic.c (check_one_md): Add XOF check; Add 'elen' argument. - (check_one_md_multi): Skip if algo is XOF. - (check_digests): Add SHAKE128 & SHAKE256 test vectors. - * tests/bench-slope.c (kdf_bench_one): Skip XOFs. - - Few updates to documentation. - + commit 28de6f9e16e386018e81a9cdaee596be7616ccab - * doc/gcrypt.text: Add mention of new 'intel-fast-shld' hw feature - flag; Add mention of x86 RDRAND support in rndhw. - - Add HMAC-SHA3 test vectors. - + commit 92ad19873562cfce7bcc4a0b5aed8195d8284cfc - * tests/basic.c (check_mac): Add HMAC_SHA3 test vectors. - -2015-10-28 Jussi Kivilinna - - md: add variable length output interface. - + commit 577dc2b63ceca6a8a716256d034ea4e7414f65fa - * cipher/crc.c (_gcry_digest_spec_crc32) - (_gcry_digest_spec_crc32_rfc1510, _gcry_digest_spec_crc24_rfc2440): Set - 'extract' NULL. - * cipher/gostr3411-94.c (_gcry_digest_spec_gost3411_94) - (_gcry_digest_spec_gost3411_cp): Ditto. 
- * cipher/keccak.c (_gcry_digest_spec_sha3_224) - (_gcry_digest_spec_sha3_256, _gcry_digest_spec_sha3_384) - (_gcry_digest_spec_sha3_512): Ditto. - * cipher/md2.c (_gcry_digest_spec_md2): Ditto. - * cipher/md4.c (_gcry_digest_spec_md4): Ditto. - * cipher/md5.c (_gcry_digest_spec_md5): Ditto. - * cipher/rmd160.c (_gcry_digest_spec_rmd160): Ditto. - * cipher/sha1.c (_gcry_digest_spec_sha1): Ditto. - * cipher/sha256.c (_gcry_digest_spec_sha224) - (_gcry_digest_spec_sha256): Ditto. - * cipher/sha512.c (_gcry_digest_spec_sha384) - (_gcry_digest_spec_sha512): Ditto. - * cipher/stribog.c (_gcry_digest_spec_stribog_256) - (_gcry_digest_spec_stribog_512): Ditto. - * cipher/tiger.c (_gcry_digest_spec_tiger) - (_gcry_digest_spec_tiger1, _gcry_digest_spec_tiger2): Ditto. - * cipher/whirlpool.c (_gcry_digest_spec_whirlpool): Ditto. - * cipher/md.c (md_enable): Do not allow combination of HMAC and - 'expandable-output function'. - (md_final): Check if spec->read is NULL before calling. - (md_read): Ditto. - (md_extract, _gcry_md_extract): New. - * doc/gcrypt.texi: Add SHA3 algorithms and gcry_md_extract. - * src/cipher-proto.h (gcry_md_extract_t): New. - (gcry_md_spec_t): Add 'extract'. - * src/gcrypt-int.g (_gcry_md_extract): New. - * src/gcrypt.h.in (gcry_md_extract): New. - * src/libgcrypt.def: Add gcry_md_extract. - * src/libgcrypt.vers: Add gcry_md_extract. - * src/visibility.c (gcry_md_extract): New. - * src/visibility.h (gcry_md_extract): New. - - md: check hmac flag in prepare_macpads. - + commit cee2e122ec6c1886957a8d47498eb63a6a921725 - * cipher/md.c (prepare_macpads): Check hmac flag. - - keccak: rewrite for improved performance. - + commit 74184c28fbe7ff58cf57f0094ef957d94045da7d - * cipher/Makefile.am: Add 'keccak_permute_32.h' and - 'keccak_permute_64.h'. - * cipher/hash-common.h [USE_SHA3] (MD_BLOCK_MAX_BLOCKSIZE): Remove. 
- * cipher/keccak.c (USE_64BIT, USE_32BIT, USE_64BIT_BMI2) - (USE_64BIT_SHLD, USE_32BIT_BMI2, NEED_COMMON64, NEED_COMMON32BI) - (keccak_ops_t): New. - (KECCAK_STATE): Add 'state64' and 'state32bi' members. - (KECCAK_CONTEXT): Remove 'bctx'; add 'blocksize', 'count' and 'ops'. - (rol64, keccak_f1600_state_permute): Remove. - [NEED_COMMON64] (round_consts_64bit, keccak_extract_inplace64): New. - [NEED_COMMON32BI] (round_consts_32bit, keccak_extract_inplace32bi) - (keccak_absorb_lane32bi): New. - [USE_64BIT] (ANDN64, ROL64, keccak_f1600_state_permute64) - (keccak_absorb_lanes64, keccak_generic64_ops): New. - [USE_64BIT_SHLD] (ANDN64, ROL64, keccak_f1600_state_permute64_shld) - (keccak_absorb_lanes64_shld, keccak_shld_64_ops): New. - [USE_64BIT_BMI2] (ANDN64, ROL64, keccak_f1600_state_permute64_bmi2) - (keccak_absorb_lanes64_bmi2, keccak_bmi2_64_ops): New. - [USE_32BIT] (ANDN64, ROL64, keccak_f1600_state_permute32bi) - (keccak_absorb_lanes32bi, keccak_generic32bi_ops): New. - [USE_32BIT_BMI2] (ANDN64, ROL64, keccak_f1600_state_permute32bi_bmi2) - (pext, pdep, keccak_absorb_lane32bi_bmi2, keccak_absorb_lanes32bi_bmi2) - (keccak_extract_inplace32bi_bmi2, keccak_bmi2_32bi_ops): New. - (keccak_write): New. - (keccak_init): Adjust to KECCAK_CONTEXT changes; add implementation - selection based on HWF features. - (keccak_final): Adjust to KECCAK_CONTEXT changes; use selected 'ops' - for state manipulation. - (keccak_read): Adjust to KECCAK_CONTEXT changes. - (_gcry_digest_spec_sha3_224, _gcry_digest_spec_sha3_256) - (_gcry_digest_spec_sha3_348, _gcry_digest_spec_sha3_512): Use - 'keccak_write' instead of '_gcry_md_block_write'. - * cipher/keccak_permute_32.h: New. - * cipher/keccak_permute_64.h: New. - - hwf-x86: add detection for Intel CPUs with fast SHLD instruction. - + commit 909644ef5883927262366c356eed530e55aba478 - * cipher/sha1.c (sha1_init): Use HWF_INTEL_FAST_SHLD instead of - HWF_INTEL_CPU. - * cipher/sha256.c (sha256_init, sha224_init): Ditto. 
- * cipher/sha512.c (sha512_init, sha384_init): Ditto. - * src/g10lib.h (HWF_INTEL_FAST_SHLD): New. - (HWF_INTEL_BMI2, HWF_INTEL_SSSE3, HWF_INTEL_PCLMUL, HWF_INTEL_AESNI) - (HWF_INTEL_RDRAND, HWF_INTEL_AVX, HWF_INTEL_AVX2) - (HWF_ARM_NEON): Update. - * src/hwf-x86.c (detect_x86_gnuc): Add detection of Intel Core - CPUs with fast SHLD/SHRD instruction. - * src/hwfeatures.c (hwflist): Add "intel-fast-shld". - - Fix OCB amd64 assembly implementations for x32. - + commit 16fd540f4d01eb6dc23d9509ae549353617c7a67 - * cipher/camellia-glue.c (_gcry_camellia_aesni_avx_ocb_enc) - (_gcry_camellia_aesni_avx_ocb_dec, _gcry_camellia_aesni_avx_ocb_auth) - (_gcry_camellia_aesni_avx2_ocb_enc, _gcry_camellia_aesni_avx2_ocb_dec) - (_gcry_camellia_aesni_avx2_ocb_auth, _gcry_camellia_ocb_crypt) - (_gcry_camellia_ocb_auth): Change 'Ls' from pointer array to u64 array. - * cipher/serpent.c (_gcry_serpent_sse2_ocb_enc) - (_gcry_serpent_sse2_ocb_dec, _gcry_serpent_sse2_ocb_auth) - (_gcry_serpent_avx2_ocb_enc, _gcry_serpent_avx2_ocb_dec) - (_gcry_serpent_ocb_crypt, _gcry_serpent_ocb_auth): Ditto. - * cipher/twofish.c (_gcry_twofish_amd64_ocb_enc) - (_gcry_twofish_amd64_ocb_dec, _gcry_twofish_amd64_ocb_auth) - (twofish_amd64_ocb_enc, twofish_amd64_ocb_dec, twofish_amd64_ocb_auth) - (_gcry_twofish_ocb_crypt, _gcry_twofish_ocb_auth): Ditto. - - bench-slope: add KDF/PBKDF2 benchmark. - + commit ae40af427fd2a856b24ec2a41323ec8b80ffc9c0 - * tests/bench-slope.c (bench_kdf_mode, bench_kdf_init, bench_kdf_free) - (bench_kdf_do_bench, kdf_ops, kdf_bench_one, kdf_bench): New. - (print_help): Add 'kdf'. - (main): Add KDF benchmarks. - -2015-10-22 NIIBE Yutaka - - md: keep contexts for HMAC in GcryDigestEntry. - + commit f7505b550dd591e33d3a3fab9277c43c460f1bad - * cipher/md.c (struct gcry_md_context): Add flags.hmac. - Remove macpads and mcpads_Bsize. - (md_open): Initialize flags.hmac. Remove macpads initialization. - (md_enable): Allocate contexts when flags.hmac is enabled. 
- (md_copy): Remove macpads copying. Add copying contexts. - (_gcry_md_reset): When flags.hmac is enabled, restore precomputed - context with input pad - (md_close): Remove macpads wiping. - (md_final): When flags.hmac is enabled, compute hmac by precomputed - context with output pad. - (prepare_macpads): Prepare precomputed contexts with input pad and - output pad for each registered digest entry. - (_gcry_md_setkey): Just call prepare_macpads. - -2015-10-15 NIIBE Yutaka - - Fix double free on error. - + commit 1c6d2698a84e4bf82735287c1d64954bfc1a1982 - * src/hmac256.c (_gcry_hmac256_finalize): Don't free HD. - -2015-10-14 NIIBE Yutaka - - Fix gpg_error_t and gpg_err_code_t confusion. - + commit 813565a07ca575c87e1252c6ed26018653ecd338 - * src/gcrypt-int.h (_gcry_sexp_extract_param): Revert the change. - * cipher/dsa.c (dsa_check_secret_key): Ditto. - * src/sexp.c (_gcry_sexp_extract_param): Return gpg_err_code_t. - - * src/gcrypt-int.h (_gcry_err_make_from_errno) - (_gcry_error_from_errno): Return gpg_error_t. - * cipher/cipher.c (_gcry_cipher_open_internal) - (_gcry_cipher_ctl, _gcry_cipher_ctl): Don't use gcry_error. - * src/global.c (_gcry_vcontrol): Likewise. - * cipher/ecc-eddsa.c (_gcry_ecc_eddsa_genkey): Use - gpg_err_code_from_syserror. - * cipher/mac.c (mac_reset, mac_setkey, mac_setiv, mac_write) - (mac_read, mac_verify): Return gcry_err_code_t. - * cipher/rsa-common.c (mgf1): Use gcry_err_code_t for ERR. - * src/visibility.c (gcry_error_from_errno): Return gpg_error_t. - -2015-10-13 Jussi Kivilinna - - Fix compiling AES/AES-NI implementation on linux-i386. - + commit fa94b6111948a614ebdcb67f7942eced8b84c579 - * cipher/rijndael-aesni.c (do_aesni_ctr_4): Split assembly block in - two parts to reduce number of register constraints needed. - -2015-10-13 NIIBE Yutaka - - Fix declaration of return type. - + commit 73374fdd27c7ba28b19f9672c68a6f5b72252fe5 - * src/gcrypt-int.h (_gcry_sexp_extract_param): Return gpg_error_t. 
- * cipher/dsa.c (dsa_generate): Fix call to _gcry_sexp_extract_param. - * src/g10lib.h (_gcry_vcontrol): Return gcry_err_code_t. - * src/visibility.c (gcry_mpi_snatch): Fix call to _gcry_mpi_snatch. - -2015-09-07 Werner Koch - - Improve GCRYCTL_DISABLE_PRIV_DROP by also disabling cap_ calls. - + commit 3a3d5410cc83f7069c7cb1ab384905f382292d32 - * src/secmem.c (lock_pool, secmem_init): Do not call any cap_ - functions if NO_PRIV_DROP is set. - -2015-09-04 Werner Koch - - w32: Avoid a few compiler warnings. - + commit e97c62a4a687b56d00a2d0a63e072a977f8eb81c - * cipher/cipher-selftest.c (_gcry_selftest_helper_cbc) - (_gcry_selftest_helper_cfb, _gcry_selftest_helper_ctr): Mark variable - as unused. - * random/rndw32.c (slow_gatherer): Avoid signed pointer mismatch - warning. - * src/secmem.c (init_pool): Avoid unused variable warning. - * tests/random.c (writen, readn): Include on if needed. - - w32: Fix alignment problem with AESNI on Windows >= 8. - + commit e2785a2268702312529521df3bd2f4e6b43cea3a - * cipher/cipher-selftest.c (_gcry_cipher_selftest_alloc_ctx): New. - * cipher/rijndael.c (selftest_basic_128, selftest_basic_192) - (selftest_basic_256): Allocate context on the heap. - -2015-08-31 Werner Koch - - rsa: Add verify after sign to avoid Lenstra's CRT attack. - + commit c17f84bd02d7ee93845e92e20f6ddba814961588 - * cipher/rsa.c (rsa_sign): Check the CRT. - - Add pubkey algo id for EdDSA. - + commit dd87639abd38afc91a6f27af33f0ba17402ad02d - * src/gcrypt.h.in (GCRY_PK_EDDSA): New. - -2015-08-25 Werner Koch - - Add configure option --enable-build-timestamp. - + commit a785cc3db0c4e8eb8ebbf784b833a40d2c42ec3e - * configure.ac (BUILD_TIMESTAMP): Set to "" by default. - -2015-08-23 Werner Koch - - tests: Add missing files for the make distcheck target. - + commit fb3cb47b0a29d3e73150297aa4495c20915e4a75 - * tests/Makefile.am (EXTRA_DIST): Add sha3-x test vector files. - -2015-08-19 Werner Koch - - Change SHA-3 algorithm ids. 
- + commit 65639ecaaeba642e40487446c40d045482001285 - * src/gcrypt.h.in (GCRY_MD_SHA3_224, GCRY_MD_SHA3_256) - (GCRY_MD_SHA3_384, GCRY_MD_SHA3_512): Change values. - -2015-08-12 Jussi Kivilinna - - Keccak: Fix array indexes in θ step. - + commit 48822ae0b436bcea0fe92dbf0d88475ba3179320 - * cipher/keccak.c (keccak_f1600_state_permute): Fix indexes for D[5]. - - Simplify OCB offset calculation for parallel implementations. - + commit 24ebf53f1e8a8afa27dcd768339bda70a740bb03 - * cipher/camellia-glue.c (_gcry_camellia_ocb_crypt) - (_gcry_camellia_ocb_auth): Precalculate Ls array always, instead of - just if 'blkn % == 0'. - * cipher/serpent.c (_gcry_serpent_ocb_crypt) - (_gcry_serpent_ocb_auth): Ditto. - * cipher/rijndael-aesni.c (get_l): Remove low-bit checks. - (aes_ocb_enc, aes_ocb_dec, _gcry_aes_aesni_ocb_auth): Handle leading - blocks until block counter is multiple of 4, so that parallel block - processing loop can use 'c->u_mode.ocb.L' array directly. - * tests/basic.c (check_ocb_cipher_largebuf): Rename to... - (check_ocb_cipher_largebuf_split): ...this and add option to process - large buffer as two split buffers. - (check_ocb_cipher_largebuf): New. - - Add carryless 8-bit addition fast-path for AES-NI CTR mode. - + commit e11895da1f4af9782d89e92ba2e6b1a63235b54b - * cipher/rijndael-aesni.c (do_aesni_ctr_4): Do addition using - CTR in big-endian form, if least-significant byte does not overflow. - -2015-08-10 Jussi Kivilinna - - Add additional SHA3 test-vectors. - + commit 80321eb3a63a20f86734d6eebb3f419c0ec895aa - * tests/basic.c (check_digests): Allow datalen to be specified so that - input data can have byte with value 0x00; Include sha3-*.h header files - to test-vector structure. - * tests/sha3-224.h: New. - * tests/sha3-256.h: New. - * tests/sha3-384.h: New. - * tests/sha3-512.h: New. - - Add generic SHA3 implementation. 
- + commit 434ba17d1d5ad59c70d721ad3ecb376c2403a7e5 - * cipher/hash-common.h (MD_BLOCK_MAX_BLOCKSIZE): Increase blocksize - USE_SHA3 enabled. - * cipher/keccak.c (SHA3_DELIMITED_SUFFIX, SHAKE_DELIMITED_SUFFIX): New. - (KECCAK_STATE): Add proper state. - (KECCAK_CONTEXT): Add 'outlen'. - (rol64, keccak_f1600_state_permute, transform_blk, transform): New. - (keccak_init): Add proper initialization. - (keccak_final): Add proper finalization. - (selftests_keccak): Add selftests. - (oid_spec_sha3_224, oid_spec_sha3_256, oid_spec_sha3_384) - (oid_spec_sha3_512): Add OID. - (_gcry_digest_spec_sha3_224, _gcry_digest_spec_sha3_256) - (_gcry_digest_spec_sha3_384, _gcry_digest_spec_sha3_512): Fix output - length. - * cipher/mac-hmac.c (map_mac_algo_to_md): Fix mapping for SHA3-512. - (hmac_get_keylen): Return proper blocksizes for SHA3 algorithms. - [USE_SHA3] (_gcry_mac_type_spec_hmac_sha3_224) - (_gcry_mac_type_spec_hmac_sha3_256, _gcry_mac_type_spec_hmac_sha3_384) - (_gcry_mac_type_spec_hmac_sha3_512): New. - * cipher/mac-internal [USE_SHA3] (_gcry_mac_type_spec_hmac_sha3_224) - (_gcry_mac_type_spec_hmac_sha3_256, _gcry_mac_type_spec_hmac_sha3_384) - (_gcry_mac_type_spec_hmac_sha3_512): New. - * cipher/mac.c (mac_list) [USE_SHA3]: Add SHA3 algorithms. - * cipher/md.c (md_open): Use proper SHA-3 blocksizes for HMAC macpads. - * tests/basic.c (check_digests): Add SHA3 test vectors. - - Optimize OCB offset calculation. - + commit 49f52c67fb42c0656c8f9af655087f444562ca82 - * cipher/cipher-internal.h (ocb_get_l): New. - * cipher/cipher-ocb.c (_gcry_cipher_ocb_authenticate) - (ocb_crypt): Use 'ocb_get_l' instead of '_gcry_cipher_ocb_get_l'. - * cipher/camellia-glue.c (get_l): Remove. - (_gcry_camellia_ocb_crypt, _gcry_camellia_ocb_auth): Precalculate - offset array when block count matches parallel operation size; Use - 'ocb_get_l' instead of 'get_l'. - * cipher/rijndael-aesni.c (get_l): Add fast path for 75% most common - offsets. 
- (aesni_ocb_enc, aesni_ocb_dec, _gcry_aes_aesni_ocb_auth): Precalculate - offset array when block count matches parallel operation size. - * cipher/rijndael-ssse3-amd64.c (get_l): Add fast path for 75% most - common offsets. - * cipher/rijndael.c (_gcry_aes_ocb_crypt, _gcry_aes_ocb_auth): Use - 'ocb_get_l' instead of '_gcry_cipher_ocb_get_l'. - * cipher/serpent.c (get_l): Remove. - (_gcry_serpent_ocb_crypt, _gcry_serpent_ocb_auth): Precalculate - offset array when block count matches parallel operation size; Use - 'ocb_get_l' instead of 'get_l'. - * cipher/twofish.c (get_l): Remove. - (_gcry_twofish_ocb_crypt, _gcry_twofish_ocb_auth): Use 'ocb_get_l' - instead of 'get_l'. - -2015-08-10 NIIBE Yutaka - - ecc: fix Montgomery curve bugs. - + commit ce746936b6c210e602d106cfbf45cf60b408d871 - * cipher/ecc.c (check_secret_key): Y1 should not be NULL when check. - (ecc_check_secret_key): Support Montgomery curve. - * mpi/ec.c (_gcry_mpi_ec_curve_point): Fix condition. - -2015-08-08 Werner Koch - - Add framework to eventually support SHA3. - + commit 0e17f7a05bba309a87811992aa47a77af9935b99 - * src/gcrypt.h.in (GCRY_MD_SHA3_224, GCRY_MD_SHA3_256) - (GCRY_MD_SHA3_384, GCRY_MD_SHA3_512): New. - (GCRY_MAC_HMAC_SHA3_224, GCRY_MAC_HMAC_SHA3_256) - (GCRY_MAC_HMAC_SHA3_384, GCRY_MAC_HMAC_SHA3_512): New. - * cipher/keccak.c: New with stub functions. - * cipher/Makefile.am (EXTRA_libcipher_la_SOURCES): Add keccak.c. - * configure.ac (available_digests): Add sha3. - (USE_SHA3): New. - * src/fips.c (run_hmac_selftests): Add SHA3 to the required selftests. - * cipher/md.c (digest_list) [USE_SHA3]: Add standard SHA3 algos. - (md_open): Ditto for hmac processing. - * cipher/mac-hmac.c (map_mac_algo_to_md): Add mapping. - * cipher/hmac-tests.c (run_selftests): Prepare for tests. - * cipher/pubkey-util.c (get_hash_algo): Add "sha3-xxx". - -2015-08-06 Werner Koch - - tools: Fix memory leak for functions "I" and "G". 
- + commit 10789e3cdda7b944acb4b59624c34a2ccfaea6e5 - * src/mpicalc.c (do_inv, do_gcd): Init A after stack check. - -2015-08-06 Ismo Puustinen - - ecc: Free memory also when in error branch. - + commit 1d896371fbc94c605fce35eabcde01e24dd22892 - * cipher/ecc-eddsa.c (_gcry_ecc_eddsa_sign): Init DISGEST and goto - leave on error. - -2015-08-06 NIIBE Yutaka - - Add Curve25519 support. - + commit e93f4c21c59756604440ad8cbf27e67d29c99ffd - * cipher/ecc-curves.c (curve_aliases, domain_parms): Add Curve25519. - * tests/curves.c (N_CURVES): It's 22 now. - * src/cipher.h (PUBKEY_FLAG_DJB_TWEAK): New. - * cipher/ecc-common.h (_gcry_ecc_mont_decodepoint): New. - * cipher/ecc-misc.c (_gcry_ecc_mont_decodepoint): New. - * cipher/ecc.c (nist_generate_key): Handle the case of - PUBKEY_FLAG_DJB_TWEAK and Montgomery curve. - (test_ecdh_only_keys, check_secret_key): Likewise. - (ecc_generate): Support Curve25519 which is Montgomery curve with flag - PUBKEY_FLAG_DJB_TWEAK and PUBKEY_FLAG_COMP. - (ecc_encrypt_raw): Get flags from KEYPARMS and handle - PUBKEY_FLAG_DJB_TWEAK and Montgomery curve. - (ecc_decrypt_raw): Likewise. - (compute_keygrip): Handle the case of PUBKEY_FLAG_DJB_TWEAK. - * cipher/pubkey-util.c (_gcry_pk_util_parse_flaglist): - PUBKEY_FLAG_EDDSA implies PUBKEY_FLAG_DJB_TWEAK. - Parse "djb-tweak" for PUBKEY_FLAG_DJB_TWEAK. - -2015-07-27 Jussi Kivilinna - - Reduce code size for Twofish key-setup and remove key dependend branch. - + commit b4b1d872ba651bc44761b35d245b1a519a33f515 - * cipher/twofish.c (poly_to_exp): Increase size by one, change type - from byte to u16 and insert '492' to index 0. - (exp_to_poly): Increase size by 256, let new cells have zero value. - (CALC_S): Execute unconditionally with help of modified tables. - (do_twofish_setkey): Change type for 'tmp' to 'unsigned int'; Un-unroll - CALC_K256 and CALC_K phases to reduce generated object size. - - Reduce amount of duplicated code in OCB bulk implementations. 
- + commit e950052bc6f5ff11a7c23091ff3f6b5cc431e875 - * cipher/cipher-ocb.c (_gcry_cipher_ocb_authenticate) - (ocb_crypt): Change bulk function to return number of unprocessed - blocks. - * src/cipher.h (_gcry_aes_ocb_crypt, _gcry_aes_ocb_auth) - (_gcry_camellia_ocb_crypt, _gcry_camellia_ocb_auth) - (_gcry_serpent_ocb_crypt, _gcry_serpent_ocb_auth) - (_gcry_twofish_ocb_crypt, _gcry_twofish_ocb_auth): Change return type - to 'size_t'. - * cipher/camellia-glue.c (get_l): Only if USE_AESNI_AVX or - USE_AESNI_AVX2 defined. - (_gcry_camellia_ocb_crypt, _gcry_camellia_ocb_auth): Change return type - to 'size_t' and return remaining blocks; Remove unaccelerated common - code path. Enable remaining common code only if USE_AESNI_AVX or - USE_AESNI_AVX2 defined; Remove unaccelerated common code. - * cipher/rijndael.c (_gcry_aes_ocb_crypt, _gcry_aes_ocb_auth): Change - return type to 'size_t' and return zero. - * cipher/serpent.c (get_l): Only if USE_SSE2, USE_AVX2 or USE_NEON - defined. - (_gcry_serpent_ocb_crypt, _gcry_serpent_ocb_auth): Change return type - to 'size_t' and return remaining blocks; Remove unaccelerated common - code path. Enable remaining common code only if USE_SSE2, USE_AVX2 or - USE_NEON defined; Remove unaccelerated common code. - * cipher/twofish.c (get_l): Only if USE_AMD64_ASM defined. - (_gcry_twofish_ocb_crypt, _gcry_twofish_ocb_auth): Change return type - to 'size_t' and return remaining blocks; Remove unaccelerated common - code path. Enable remaining common code only if USE_AMD64_ASM defined; - Remove unaccelerated common code. - - Add bulk OCB for Serpent SSE2, AVX2 and NEON implementations. - + commit adbdca0d58f9c06dc3850b95e3455e179c1e6960 - * cipher/cipher.c (_gcry_cipher_open_internal): Setup OCB bulk - functions for Serpent. - * cipher/serpent-armv7-neon.S: Add OCB assembly functions. - * cipher/serpent-avx2-amd64.S: Add OCB assembly functions. - * cipher/serpent-sse2-amd64.S: Add OCB assembly functions. 
- * cipher/serpent.c (_gcry_serpent_sse2_ocb_enc) - (_gcry_serpent_sse2_ocb_dec, _gcry_serpent_sse2_ocb_auth) - (_gcry_serpent_neon_ocb_enc, _gcry_serpent_neon_ocb_dec) - (_gcry_serpent_neon_ocb_auth, _gcry_serpent_avx2_ocb_enc) - (_gcry_serpent_avx2_ocb_dec, _gcry_serpent_avx2_ocb_auth): New - prototypes. - (get_l, _gcry_serpent_ocb_crypt, _gcry_serpent_ocb_auth): New. - * src/cipher.h (_gcry_serpent_ocb_crypt) - (_gcry_serpent_ocb_auth): New. - * tests/basic.c (check_ocb_cipher): Add test-vector for serpent. - - Add bulk OCB for Twofish AMD64 implementation. - + commit 7f6804c37c4b41d85fb26aa723b1c41e4a3cf278 - * cipher/cipher.c (_gcry_cipher_open_internal): Setup OCB bulk - functions for Twofish. - * cipher/twofish-amd64.S: Add OCB assembly functions. - * cipher/twofish.c (_gcry_twofish_amd64_ocb_enc) - (_gcry_twofish_amd64_ocb_dec, _gcry_twofish_amd64_ocb_auth): New - prototypes. - (call_sysv_fn5, call_sysv_fn6, twofish_amd64_ocb_enc) - (twofish_amd64_ocb_dec, twofish_amd64_ocb_auth, get_l) - (_gcry_twofish_ocb_crypt, _gcry_twofish_ocb_auth): New. - * src/cipher.h (_gcry_twofish_ocb_crypt) - (_gcry_twofish_ocb_auth): New. - * tests/basic.c (check_ocb_cipher): Add test-vector for Twofish. - - Add bulk OCB for Camellia AES-NI/AVX and AES-NI/AVX2 implementations. - + commit bb088c6b1620504fdc79e89af27c2bf3fb02b4b4 - * cipher/camellia-aesni-avx-amd64.S: Add OCB assembly functions. - * cipher/camellia-aesni-avx2-amd64.S: Add OCB assembly functions. - * cipher/camellia-glue.c (_gcry_camellia_aesni_avx_ocb_enc) - (_gcry_camellia_aesni_avx_ocb_dec, _gcry_camellia_aesni_avx_ocb_auth) - (_gcry_camellia_aesni_avx2_ocb_enc, _gcry_camellia_aesni_avx2_ocb_dec) - (_gcry_camellia_aesni_avx2_ocb_auth): New prototypes. - (get_l, _gcry_camellia_ocb_crypt, _gcry_camellia_ocb_auth): New. - * cipher/cipher.c (_gcry_cipher_open_internal): Setup OCB bulk - functions for Camellia. - * src/cipher.h (_gcry_camellia_ocb_crypt) - (_gcry_camellia_ocb_auth): New. 
- * tests/basic.c (check_ocb_cipher): Add test-vector for Camellia. - -2015-07-26 Jussi Kivilinna - - Add OCB bulk mode for AES SSSE3 implementation. - + commit 620e1e0300c79943a1846a49563b04386dc60546 - * cipher/rijndael-ssse3-amd64.c (SSSE3_STATE_SIZE): New. - [HAVE_COMPATIBLE_GCC_WIN64_PLATFORM_AS] (vpaes_ssse3_prepare): Use - 'ssse3_state' for storing current SSSE3 state. - [HAVE_COMPATIBLE_GCC_WIN64_PLATFORM_AS] - (vpaes_ssse3_cleanup): Restore SSSE3 state from 'ssse3_state'. - (_gcry_aes_ssse3_do_setkey, _gcry_aes_ssse3_prepare_decryption) - (_gcry_aes_ssse3_encrypt, _gcry_aes_ssse3_cfb_enc) - (_gcry_aes_ssse3_cbc_enc, _gcry_aes_ssse3_ctr_enc) - (_gcry_aes_ssse3_decrypt, _gcry_aes_ssse3_cfb_dec) - (_gcry_aes_ssse3_cbc_dec, _gcry_aes_ssse3_cbc_dec): Add 'ssse3_state' - array. - (get_l, ssse3_ocb_enc, ssse3_ocb_dec, _gcry_aes_ssse3_ocb_crypt) - (_gcry_aes_ssse3_ocb_auth): New. - * cipher/rijndael.c (_gcry_aes_ssse3_ocb_crypt) - (_gcry_aes_ssse3_ocb_auth): New. - (_gcry_aes_ocb_crypt, _gcry_aes_ocb_auth) [USE_SSSE3]: Use SSSE3 - implementation for OCB. - -2015-07-26 Peter Wu - - Fix undefined behavior wrt memcpy. - + commit 46c072669eb81ed610cc5b3c0dc0c75a143afbb4 - * cipher/cipher-gcm.c: Do not copy zero bytes from an empty buffer. Let - the function continue to add padding as needed though. - * cipher/mac-poly1305.c: If the caller requested to finish the hash - function without a copy of the result, return immediately. - -2015-07-23 Peter Wu - - build: ignore scissor line for the commit-msg hook. - + commit ada0a7d302cca97b327faaacac7a5d0b8043df88 - * build-aux/git-hooks/commit-msg: Stop processing more lines when the - scissor line is encountered. - -2015-07-16 Peter Wu - - rsa: Fix error in comments. - + commit 9cd55e8e948f0049cb23495f536decf797d072f7 - * cipher/rsa.c: Fix. - -2015-07-14 Peter Wu - - sexp: Fix invalid deallocation in error path. - + commit 0f9532b186c1e0b54d7e7a6d76bce82b6226122b - * src/sexp.c: Fix wrong condition. 
- -2015-07-10 Peter Wu - - ecc: fix memory leak. - + commit 2a7aa3ea4d03a9c808d5888f5509c08cd27aa27c - * cipher/ecc.c (ecc_verify): Release memory which was allocated before - by _gcry_pk_util_preparse_sigval. - (ecc_decrypt_raw): Likewise. - -2015-07-06 NIIBE Yutaka - - ecc: fix memory leaks. - + commit 0a7547e487a8bc4e7ac9599c55579eb2e4a13f06 - cipher/ecc.c (ecc_generate): Fix memory leak on error of - _gcry_pk_util_parse_flaglist and _gcry_ecc_eddsa_encodepoint. - (ecc_check_secret_key): Fix memory leak on error of - _gcry_ecc_update_curve_param. - (ecc_sign, ecc_verify, ecc_encrypt_raw, ecc_decrypt_raw): Remove - unnecessary sexp_release and fix memory leak on error of - _gcry_ecc_fill_in_curve. - (ecc_decrypt_raw): Fix double free of the point kG and memory leak - on error of _gcry_ecc_os2ec. - -2015-06-11 NIIBE Yutaka - - mpi: Support FreeBSD 10 or later. - + commit a36ee7501f68ad7ebcfe31f9659430b9d2c3ddd1 - * mpi/config.links: Include FreeBSD 10 to 29. - -2015-05-21 Werner Koch - - ecc: Add key generation flag "no-keytest". - + commit 2bddd947fd1c11b4ec461576db65a5e34fea1b07 - * src/cipher.h (PUBKEY_FLAG_NO_KEYTEST): New. - * cipher/pubkey-util.c (_gcry_pk_util_parse_flaglist): Add flag - "no-keytest". Return an error for invalid flags of length 10. - - * cipher/ecc.c (nist_generate_key): Replace arg random_level by flags - set random level depending on flags. - * cipher/ecc-eddsa.c (_gcry_ecc_eddsa_genkey): Ditto. - * cipher/ecc.c (ecc_generate): Pass flags to generate fucntion and - remove var random_level. - (nist_generate_key): Implement "no-keytest" flag. - - * tests/keygen.c (check_ecc_keys): Add tests for transient-key and - no-keytest. - - ecc: Avoid double conversion to affine coordinates in keygen. - + commit 102d68b3bd77813a3ff989526855bb1e283bf9d7 - * cipher/ecc.c (nist_generate_key): Add args r_x and r_y. - (ecc_generate): Rename vars. Convert to affine coordinates only if - not returned by the lower level generation function. 
- - random: Change initial extra seeding from 2400 bits to 128 bits. - + commit 8124e357b732a719696bfd5271def4e528f2a1e1 - * random/random-csprng.c (read_pool): Reduce initial seeding. - -2015-05-14 Jussi Kivilinna - - Enable AMD64 Twofish implementation on WIN64. - + commit 9b0c6c8141ae9bd056392a3f6b5704b505fc8501 - * cipher/twofish-amd64.S: Enable when - HAVE_COMPATIBLE_GCC_WIN64_PLATFORM_AS defined. - (ELF): New macro to mask lines with ELF specific commands. - * cipher/twofish.c (USE_AMD64_ASM): Enable when - HAVE_COMPATIBLE_GCC_WIN64_PLATFORM_AS defined. - [HAVE_COMPATIBLE_GCC_WIN64_PLATFORM_AS] (call_sysv_fn): New. - (twofish_amd64_encrypt_block, twofish_amd64_decrypt_block) - (twofish_amd64_ctr_enc, twofish_amd64_cbc_dec) - (twofish_amd64_cfb_dec): New wrapper functions for AMD64 - assembly functions. - - Enable AMD64 Serpent implementations on WIN64. - + commit eb0ed576893b6c7990dbcb568510f831d246cea6 - * cipher/serpent-avx2-amd64.S: Enable when - HAVE_COMPATIBLE_GCC_WIN64_PLATFORM_AS defined. - (ELF): New macro to mask lines with ELF specific commands. - * cipher/serpent-sse2-amd64.S: Enable when - HAVE_COMPATIBLE_GCC_WIN64_PLATFORM_AS defined. - (ELF): New macro to mask lines with ELF specific commands. - * cipher/chacha20.c (USE_SSE2, USE_AVX2): Enable when - HAVE_COMPATIBLE_GCC_WIN64_PLATFORM_AS defined. - [USE_SSE2 || USE_AVX2] (ASM_FUNC_ABI): New. - (_gcry_serpent_sse2_ctr_enc, _gcry_serpent_sse2_cbc_dec) - (_gcry_serpent_sse2_cfb_dec, _gcry_serpent_avx2_ctr_enc) - (_gcry_serpent_avx2_cbc_dec, _gcry_serpent_avx2_cfb_dec): Add - ASM_FUNC_ABI. - - Enable AMD64 Salsa20 implementation on WIN64. - + commit 12bc93ca8187b8061c2e705427ef22f5a71d29b0 - * cipher/salsa20-amd64.S: Enable when - HAVE_COMPATIBLE_GCC_WIN64_PLATFORM_AS defined. - (ELF): New macro to mask lines with ELF specific commands. - * cipher/salsa20.c (USE_AMD64): Enable when - HAVE_COMPATIBLE_GCC_WIN64_PLATFORM_AS defined. - [USE_AMD64] (ASM_FUNC_ABI, ASM_EXTRA_STACK): New. 
- (_gcry_salsa20_amd64_keysetup, _gcry_salsa20_amd64_ivsetup) - (_gcry_salsa20_amd64_encrypt_blocks): Add ASM_FUNC_ABI. - [USE_AMD64] (salsa20_core): Add ASM_EXTRA_STACK. - (salsa20_do_encrypt_stream) [USE_AMD64]: Add ASM_EXTRA_STACK. - - Enable AMD64 Poly1305 implementations on WIN64. - + commit 8d7de4dbf7732c6eb9e9853ad7c19c89075ace6f - * cipher/poly1305-avx2-amd64.S: Enable when - HAVE_COMPATIBLE_GCC_WIN64_PLATFORM_AS defined. - (ELF): New macro to mask lines with ELF specific commands. - * cipher/poly1305-sse2-amd64.S: Enable when - HAVE_COMPATIBLE_GCC_WIN64_PLATFORM_AS defined. - (ELF): New macro to mask lines with ELF specific commands. - * cipher/poly1305-internal.h (POLY1305_SYSV_FUNC_ABI): New. - (POLY1305_USE_SSE2, POLY1305_USE_AVX2): Enable when - HAVE_COMPATIBLE_GCC_WIN64_PLATFORM_AS defined. - (OPS_FUNC_ABI): New. - (poly1305_ops_t): Use OPS_FUNC_ABI. - * cipher/poly1305.c (_gcry_poly1305_amd64_sse2_init_ext) - (_gcry_poly1305_amd64_sse2_finish_ext) - (_gcry_poly1305_amd64_sse2_blocks, _gcry_poly1305_amd64_avx2_init_ext) - (_gcry_poly1305_amd64_avx2_finish_ext) - (_gcry_poly1305_amd64_avx2_blocks, _gcry_poly1305_armv7_neon_init_ext) - (_gcry_poly1305_armv7_neon_finish_ext) - (_gcry_poly1305_armv7_neon_blocks, poly1305_init_ext_ref32) - (poly1305_blocks_ref32, poly1305_finish_ext_ref32) - (poly1305_init_ext_ref8, poly1305_blocks_ref8) - (poly1305_finish_ext_ref8): Use OPS_FUNC_ABI. - - Enable AMD64 3DES implementation on WIN64. - + commit b65e9e71d5ee992db5c96793c6af999545daad28 - * cipher/des-amd64.S: Enable when - HAVE_COMPATIBLE_GCC_WIN64_PLATFORM_AS defined. - (ELF): New macro to mask lines with ELF specific commands. - * cipher/des.c (USE_AMD64_ASM): Enable when - HAVE_COMPATIBLE_GCC_WIN64_PLATFORM_AS defined. - [HAVE_COMPATIBLE_GCC_WIN64_PLATFORM_AS] (call_sysv_fn): New. - (tripledes_ecb_crypt) [HAVE_COMPATIBLE_GCC_WIN64_PLATFORM_AS]: Call - assembly function through 'call_sysv_fn'. 
- (tripledes_amd64_ctr_enc, tripledes_amd64_cbc_dec) - (tripledes_amd64_cfb_dec): New wrapper functions for bulk - assembly functions. - - Enable AMD64 ChaCha20 implementations on WIN64. - + commit 9597cfddf03c467825da152be5ca0d12a8c30d88 - * cipher/chacha20-avx2-amd64.S: Enable when - HAVE_COMPATIBLE_GCC_WIN64_PLATFORM_AS defined. - (ELF): New macro to mask lines with ELF specific commands. - * cipher/chacha20-sse2-amd64.S: Enable when - HAVE_COMPATIBLE_GCC_WIN64_PLATFORM_AS defined. - (ELF): New macro to mask lines with ELF specific commands. - * cipher/chacha20-ssse3-amd64.S: Enable when - HAVE_COMPATIBLE_GCC_WIN64_PLATFORM_AS defined. - (ELF): New macro to mask lines with ELF specific commands. - * cipher/chacha20.c (USE_SSE2, USE_SSSE3, USE_AVX2): Enable when - HAVE_COMPATIBLE_GCC_WIN64_PLATFORM_AS defined. - (ASM_FUNC_ABI, ASM_EXTRA_STACK): New. - (chacha20_blocks_t, _gcry_chacha20_amd64_sse2_blocks) - (_gcry_chacha20_amd64_ssse3_blocks, _gcry_chacha20_amd64_avx2_blocks) - (_gcry_chacha20_armv7_neon_blocks, chacha20_blocks): Add ASM_FUNC_ABI. - (chacha20_core): Add ASM_EXTRA_STACK. - - Enable AMD64 CAST5 implementation on WIN64. - + commit 6a6646df80386204675d8b149ab60e74d7ca124c - * cipher/cast5-amd64.S: Enable when - HAVE_COMPATIBLE_GCC_WIN64_PLATFORM_AS defined. - (RIP): Remove. - (GET_EXTERN_POINTER): Use 'leaq' version on WIN64. - (ELF): New macro to mask lines with ELF specific commands. - * cipher/cast5.c (USE_AMD64_ASM): Enable when - HAVE_COMPATIBLE_GCC_WIN64_PLATFORM_AS defined. - [HAVE_COMPATIBLE_GCC_WIN64_PLATFORM_AS] (call_sysv_fn): New. - (do_encrypt_block, do_decrypt_block) - [HAVE_COMPATIBLE_GCC_WIN64_PLATFORM_AS]: Call assembly - function through 'call_sysv_fn'. - (cast5_amd64_ctr_enc, cast5_amd64_cbc_dec) - (cast5_amd64_cfb_dec): New wrapper functions for bulk - assembly functions. - - Enable AMD64 Camellia implementations on WIN64. 
- + commit 9a4fb3709864bf3e3918800d44ff576590cd4e92 - * cipher/camellia-aesni-avx-amd64.S: Enable when - HAVE_COMPATIBLE_GCC_WIN64_PLATFORM_AS defined. - (ELF): New macro to mask lines with ELF specific commands. - * cipher/camellia-aesni-avx2-amd64.S: Enable when - HAVE_COMPATIBLE_GCC_WIN64_PLATFORM_AS defined. - (ELF): New macro to mask lines with ELF specific commands. - * cipher/camellia-glue.c (USE_AESNI_AVX, USE_AESNI_AVX2): Enable when - HAVE_COMPATIBLE_GCC_WIN64_PLATFORM_AS defined. - [USE_AESNI_AVX || USE_AESNI_AVX2] (ASM_FUNC_ABI, ASM_EXTRA_STACK): New. - (_gcry_camellia_aesni_avx_ctr_enc, _gcry_camellia_aesni_avx_cbc_dec) - (_gcry_camellia_aesni_avx_cfb_dec, _gcry_camellia_aesni_avx_keygen) - (_gcry_camellia_aesni_avx2_ctr_enc, _gcry_camellia_aesni_avx2_cbc_dec) - (_gcry_camellia_aesni_avx2_cfb_dec): Add ASM_FUNC_ABI. - - Enable AMD64 Blowfish implementation on WIN64. - + commit e05682093ffb003b589a697428d918d755ac631d - * cipher/blowfish-amd64.S: Enable when - HAVE_COMPATIBLE_GCC_WIN64_PLATFORM_AS defined. - (ELF): New macro to mask lines with ELF specific commands. - * cipher/blowfish.c (USE_AMD64_ASM): Enable when - HAVE_COMPATIBLE_GCC_WIN64_PLATFORM_AS defined. - [HAVE_COMPATIBLE_GCC_WIN64_PLATFORM_AS] (call_sysv_fn): New. - (do_encrypt, do_encrypt_block, do_decrypt_block) - [HAVE_COMPATIBLE_GCC_WIN64_PLATFORM_AS]: Call assembly - function through 'call_sysv_fn'. - (blowfish_amd64_ctr_enc, blowfish_amd64_cbc_dec) - (blowfish_amd64_cfb_dec): New wrapper functions for bulk - assembly functions. - .. - - Enable AMD64 arcfour implementation on WIN64. - + commit c46b015bedba7ce0db68929bd33a86a54ab3d919 - * cipher/arcfour-amd64.S: Enable when - HAVE_COMPATIBLE_GCC_WIN64_PLATFORM_AS defined. - (ELF): New macro to mask lines with ELF specific commands. - * cipher/arcfour.c (USE_AMD64_ASM): Enable when - HAVE_COMPATIBLE_GCC_WIN64_PLATFORM_AS defined. 
- (do_encrypt, do_decrypt) [HAVE_COMPATIBLE_GCC_WIN64_PLATFORM_AS]: Use - assembly block to call AMD64 assembly function. - - Update documentation for Poly1305-ChaCha20 AEAD, RFC-7539. - + commit ee8fc4edcb3466b03246c8720b90731bf274ff1d - * cipher/cipher-poly1305.c: Add RFC-7539 to header. - * doc/gcrypt.texi: Update Poly1305 AEAD documentation with mention of - RFC-7539; Drop Salsa from supported stream ciphers for Poly1305 AEAD. - - hwf-x86: use edi for passing value to ebx for i386 cpuid. - + commit bac42c68b069f17abcca810a21439c7233815747 - * src/hwf-x86.c [__i386__] (get_cpuid): Use '=D' for regs[1] instead - of '=r'. - - hwf-x86: add EDX as output register for xgetbv asm block. - + commit e15beb584a5ebdfc363e1ff15f87102508652d71 - * src/hwf-x86.c (get_xgetbv): Add EDX as output. - -2015-05-04 Werner Koch - - build: Update build-aux files. - + commit 5a7d55eed3316f40ca61acbee032bfc285e28803 - - - Fix possible regression on old 32 bit mingw compilers. - + commit 090ca7435156b5f52064357dd59059570d466f46 - * acinclude.m4: Add new pattern for mingw32. - - build: Add new file. - + commit 4af52b2e72ce004b7d8f99e09c4324e3c2a84379 - * mpi/amd64/distfiles: Add func_abi.h. - -2015-05-03 Jussi Kivilinna - - Fix WIN64 assembly glue for AES. - + commit 24a769a7c7601dbb85332e550f6fbd121b56df5f - * cipher/rinjdael.c (do_encrypt, do_decrypt) - [!HAVE_COMPATIBLE_GCC_AMD64_PLATFORM_AS]: Change input operands to - input+output to mark volatile nature of the used registers. - - Add '1 million a characters' test vectors. - + commit 2f4fefdbc62857b6e2da26ce111ee140a068c471 - * tests/basic.c (check_digests): Add "!" test vectors for MD5, SHA-384, - SHA-512, RIPEMD160 and CRC32. - -2015-05-02 Jussi Kivilinna - - More optimized CRC implementations. - + commit 06e122baa3321483a47bbf82fd2a4540becfa0c9 - * cipher/crc.c (crc32_table, crc24_table): Replace with new table - contents. - (update_crc32, CRC24_INIT, CRC24_POLY): Remove. 
- (crc32_next, crc32_next4, crc24_init, crc24_next, crc24_next4) - (crc24_final): New. - (crc24rfc2440_init): Use crc24_init. - (crc32_write): Rewrite to use crc32_next & crc32_next4. - (crc24_write): Rewrite to use crc24_next & crc24_next4. - (crc32_final, crc32rfc1510_final): Use buf_put_be32. - (crc24rfc2440_final): Use crc24_final & buf_put_le32. - * tests/basic.c (check_digests): Add CRC "123456789" tests. - - Enable AMD64 AES implementation for WIN64. - + commit 66129b3334a5aa54ff8a97981507e4704f759571 - * cipher/rijndael-amd64.S: Enable when - HAVE_COMPATIBLE_GCC_WIN64_PLATFORM_AS defined. - (ELF): New macro to mask lines with ELF specific commands. - * cipher/rijndael-internal.h (USE_AMD64_ASM): Enable when - HAVE_COMPATIBLE_GCC_WIN64_PLATFORM_AS defined. - (do_encrypt, do_decrypt) - [USE_AMD64_ASM && !HAVE_COMPATIBLE_GCC_AMD64_PLATFORM_AS]: Use - assembly block to call AMD64 assembly encrypt/decrypt function. - - Enable AMD64 Whirlpool implementation for WIN64. - + commit 8422d5d699265b960bd1ca837044ee052fc5b614 - * cipher/whirlpool-sse2-amd64.S: Enable when - HAVE_COMPATIBLE_GCC_WIN64_PLATFORM_AS defined. - (ELF): New macro to mask lines with ELF specific commands. - * cipher/whirlpool.c (USE_AMD64_ASM): Enable when - HAVE_COMPATIBLE_GCC_WIN64_PLATFORM_AS defined. - [USE_AMD64_ASM] (ASM_FUNC_ABI, ASM_EXTRA_STACK): New. - [USE_AMD64_ASM] (_gcry_whirlpool_transform_amd64): Add ASM_FUNC_ABI to - prototype. - [USE_AMD64_ASM] (whirlpool_transform): Add ASM_EXTRA_STACK to stack - burn value. - - Enable AMD64 SHA512 implementations for WIN64. - + commit 1089a13073c26a9a456e43ec38d937e6ee7f4077 - * cipher/sha512-avx-amd64.S: Enable when - HAVE_COMPATIBLE_GCC_WIN64_PLATFORM_AS defined. - (ELF): New macro to mask lines with ELF specific commands. - * cipher/sha512-avx-bmi2-amd64.S: Ditto. - * cipher/sha512-ssse3-amd64.S: Ditto. - * cipher/sha512.c (USE_SSSE3, USE_AVX, USE_AVX2): Enable when - HAVE_COMPATIBLE_GCC_WIN64_PLATFORM_AS defined. 
- [USE_SSSE3 || USE_AVX || USE_AVX2] (ASM_FUNC_ABI) - (ASM_EXTRA_STACK): New. - (_gcry_sha512_transform_amd64_ssse3, _gcry_sha512_transform_amd64_avx) - (_gcry_sha512_transform_amd64_avx_bmi2): Add ASM_FUNC_ABI to - prototypes. - (transform): Add ASM_EXTRA_STACK to stack burn value. - - Enable AMD64 SHA256 implementations for WIN64. - + commit 022959099644f64df5f2a83ade21159864f64837 - * cipher/sha256-avx-amd64.S: Enable when - HAVE_COMPATIBLE_GCC_WIN64_PLATFORM_AS defined. - (ELF): New macro to mask lines with ELF specific commands. - * cipher/sha256-avx2-bmi2-amd64.S: Ditto. - * cipher/sha256-ssse3-amd64.S: Ditto. - * cipher/sha256.c (USE_SSSE3, USE_AVX, USE_AVX2): Enable when - HAVE_COMPATIBLE_GCC_WIN64_PLATFORM_AS defined. - [USE_SSSE3 || USE_AVX || USE_AVX2] (ASM_FUNC_ABI) - (ASM_EXTRA_STACK): New. - (_gcry_sha256_transform_amd64_ssse3, _gcry_sha256_transform_amd64_avx) - (_gcry_sha256_transform_amd64_avx2): Add ASM_FUNC_ABI to prototypes. - (transform): Add ASM_EXTRA_STACK to stack burn value. - - Enable AMD64 SHA1 implementations for WIN64. - + commit e433676a899fa0d274d40547166b03c7c8bd8e78 - * cipher/sha1-avx-amd64.S: Enable when - HAVE_COMPATIBLE_GCC_WIN64_PLATFORM_AS defined. - (ELF): New macro to mask lines with ELF specific commands. - * cipher/sha1-avx-bmi2-amd64.S: Ditto. - * cipher/sha1-ssse3-amd64.S: Ditto. - * cipher/sha1.c (USE_SSSE3, USE_AVX, USE_BMI2): Enable - when HAVE_COMPATIBLE_GCC_WIN64_PLATFORM_AS defined. - [USE_SSSE3 || USE_AVX || USE_BMI2] (ASM_FUNC_ABI) - (ASM_EXTRA_STACK): New. - (_gcry_sha1_transform_amd64_ssse3, _gcry_sha1_transform_amd64_avx) - (_gcry_sha1_transform_amd64_avx_bmi2): Add ASM_FUNC_ABI to - prototypes. - (transform): Add ASM_EXTRA_STACK to stack burn value. - -2015-05-01 Jussi Kivilinna - - Enable AES/AES-NI, AES/SSSE3 and GCM/PCLMUL implementations on WIN64. 
- + commit 4e09aaa36d151c3312019724a77fc09aa345b82f - * cipher/cipher-gcm-intel-pclmul.c (_gcry_ghash_intel_pclmul) - ( _gcry_ghash_intel_pclmul) [__WIN64__]: Store non-volatile vector - registers before use and restore after. - * cipher/cipher-internal.h (GCM_USE_INTEL_PCLMUL): Remove dependency - on !defined(__WIN64__). - * cipher/rijndael-aesni.c [__WIN64__] (aesni_prepare_2_6_variable, - aesni_prepare, aesni_prepare_2_6, aesni_cleanup) - ( aesni_cleanup_2_6): New. - [!__WIN64__] (aesni_prepare_2_6_variable, aesni_prepare_2_6): New. - (_gcry_aes_aesni_do_setkey, _gcry_aes_aesni_cbc_enc) - (_gcry_aesni_ctr_enc, _gcry_aesni_cfb_dec, _gcry_aesni_cbc_dec) - (_gcry_aesni_ocb_crypt, _gcry_aesni_ocb_auth): Use - 'aesni_prepare_2_6'. - * cipher/rijndael-internal.h (USE_SSSE3): Enable if - HAVE_COMPATIBLE_GCC_AMD64_PLATFORM_AS or - HAVE_COMPATIBLE_GCC_WIN64_PLATFORM_AS. - (USE_AESNI): Remove dependency on !defined(__WIN64__) - * cipher/rijndael-ssse3-amd64.c [HAVE_COMPATIBLE_GCC_WIN64_PLATFORM_AS] - (vpaes_ssse3_prepare, vpaes_ssse3_cleanup): New. - [!HAVE_COMPATIBLE_GCC_WIN64_PLATFORM_AS] (vpaes_ssse3_prepare): New. - (vpaes_ssse3_prepare_enc, vpaes_ssse3_prepare_dec): Use - 'vpaes_ssse3_prepare'. - (_gcry_aes_ssse3_do_setkey, _gcry_aes_ssse3_prepare_decryption): Use - 'vpaes_ssse3_prepare' and 'vpaes_ssse3_cleanup'. - [HAVE_COMPATIBLE_GCC_WIN64_PLATFORM_AS] (X): Add masking macro to - exclude '.type' and '.size' markers from assembly code, as they are - not support on WIN64/COFF objects. - * configure.ac (gcry_cv_gcc_attribute_ms_abi) - (gcry_cv_gcc_attribute_sysv_abi, gcry_cv_gcc_default_abi_is_ms_abi) - (gcry_cv_gcc_default_abi_is_sysv_abi) - (gcry_cv_gcc_win64_platform_as_ok): New checks. - - Add W64 support for mpi amd64 assembly. - + commit 460355f23e770637d29e3af7b998a957a2b5bc88 - acinclude.m4 (GNUPG_SYS_SYMBOL_UNDERSCORE): Set - 'ac_cv_sys_symbol_underscore=no' on MingW-W64. - mpi/amd64/func_abi.h: New. 
- mpi/amd64/mpih-add1.S (_gcry_mpih_add_n): Add FUNC_ENTRY and FUNC_EXIT. - mpi/amd64/mpih-lshift.S (_gcry_mpih_lshift): Ditto. - mpi/amd64/mpih-mul1.S (_gcry_mpih_mul_1): Ditto. - mpi/amd64/mpih-mul2.S (_gcry_mpih_addmul_1): Ditto. - mpi/amd64/mpih-mul3.S (_gcry_mpih_submul_1): Ditto. - mpi/amd64/mpih-rshift.S (_gcry_mpih_rshift): Ditto. - mpi/amd64/mpih-sub1.S (_gcry_mpih_sub_n): Ditto. - mpi/config.links [host=x86_64-*mingw*]: Enable assembly modules. - [host=x86_64-*-*]: Append mpi/amd64/func_abi.h to mpi/asm-syntax.h. - - DES: Silence compiler warnings on Windows. - + commit 6c21cf5fed1ad430fa41445eac2350802bc8aaed - * cipher/des.c (working_memcmp): Make pointer arguments 'const void *'. - - Cast pointers to integers using uintptr_t instead of long. - + commit 9cf224322007d90193d4910f0da6e0e29ce01d70 - - - Fix rndhw for 64-bit Windows build. - + commit d5a7e00b6b222566a5650639ef29684b047c1909 - * configure.ac: Add sizeof check for 'void *'. - * random/rndhw.c (poll_padlock): Check for SIZEOF_VOID_P == 8 - instead of defined(__LP64__). - (RDRAND_LONG): Check for SIZEOF_UNSIGNED_LONG == 8 instead of - defined(__LP64__). - - Prepare random/win32.c fast poll for 64-bit Windows. - + commit 0cdd24456b33defc7f8176fa82ab694fbc284385 - * random/win32.c (_gcry_rndw32_gather_random_fast) [ADD]: Rename to - ADDINT. - (_gcry_rndw32_gather_random_fast): Add ADDPTR. - (_gcry_rndw32_gather_random_fast): Disable entropy gathering from - GetQueueStatus(QS_ALLEVENTS). - (_gcry_rndw32_gather_random_fast): Change minimumWorkingSetSize and - maximumWorkingSetSize to SIZE_T from DWORD. - (_gcry_rndw32_gather_random_fast): Only add lower 32-bits of - minimumWorkingSetSize and maximumWorkingSetSize to random poll. - (_gcry_rndw32_gather_random_fast) [__WIN64__]: Read TSC directly - using intrinsic. - - Disable GCM and AES-NI assembly implementations for WIN64. 
- + commit f701954555340a503f6e52cc18d58b0c515427b7 - * cipher/cipher-internal.h (GCM_USE_INTEL_PCLMUL): Do not enable when - __WIN64__ defined. - * cipher/rijndael-internal.h (USE_AESNI): Ditto. - - Disable building mpi assembly routines on WIN64. - + commit e78560a4b717f7154f910a8ce4128de152f586da - * mpi/config.links: Disable assembly for host 'x86_64-*mingw32*'. - - Fix packed attribute check for Windows targets. - + commit e886e4f5e73fe6a9f9191f5155852ce5d8bb88fe - * configure.ac (gcry_cv_gcc_attribute_packed): Move 'long b' to its - own packed structure. - - Fix tail handling in buf_xor_1. - + commit c2dba93e639639bdac139b3a3a456d10ddc61f79 - * cipher/bufhelp.h (buf_xor_1): Increment source pointer at tail - handling. - - Add --disable-hwf for basic tests. - + commit 839a3bbe2bb045139223b32753d656cc6c3d4669 - * tests/basic.c (main): Add handling for '--disable-hwf'. - - Use more odd chuck sizes for check_one_md. - + commit 9f086ffa43f2507b9d17522a0a2e394cb273baf8 - * tests/basic.c (check_one_md): Make chuck size vary oddly, instead - of using fixed length of 1000 bytes. - - Enable more modes in basic ciphers test. - + commit e40eff94f9f8654c3d29e03bbb7e5ee6a43c1435 - * src/gcrypt.h.in (GCRY_OCB_BLOCK_LEN): New. - * tests/basic.c (check_one_cipher_core_reset): New. - (check_one_cipher_core): Use check_one_cipher_core_reset inplace of - gcry_cipher_reset. - (check_ciphers): Add CCM and OCB modes for block cipher tests. - - Fix reseting cipher in OCB mode. - + commit 88842cbc68beb4f73c87fdbcb74182cba818f789 - * cipher/cipher.c (cipher_reset): Setup default taglen for OCB after - clearing state. - -2015-04-30 Jussi Kivilinna - - Fix buggy RC4 AMD64 assembly and add test to notice similar issues. - + commit 124dfce7c5a2d9405fa2b2832e91ac1267943830 - * cipher/arcfour-amd64.S (_gcry_arcfour_amd64): Fix swapped store of - 'x' and 'y'. - * tests/basic.c (get_algo_mode_blklen): New. 
- (check_one_cipher_core): Add new tests for split buffer input on - encryption and decryption. - -2015-04-26 Jussi Kivilinna - - Disallow compiler from generating SSE instructions in mixed C+asm source - + commit f88266c0f868d7bf51a215d5531bb9f2b4dad19e - * cipher/cipher-gcm-intel-pclmul.c [gcc-version >= 4.4]: Add GCC target - pragma to disable compiler use of SSE. - * cipher/rijndael-aesni.c [gcc-version >= 4.4]: Ditto. - * cipher/rijndael-ssse3-amd64.c [gcc-version >= 4.4]: Ditto. - -2015-04-18 Jussi Kivilinna - - Add OCB bulk crypt/auth functions for AES/AES-NI. - + commit 305cc878d395475c46b4ef52f4764bd0c85bf8ac - * cipher/cipher-internal.h (gcry_cipher_handle): Add bulk.ocb_crypt - and bulk.ocb_auth. - (_gcry_cipher_ocb_get_l): New prototype. - * cipher/cipher-ocb.c (get_l): Rename to ... - (_gcry_cipher_ocb_get_l): ... this. - (_gcry_cipher_ocb_authenticate, ocb_crypt): Use bulk function when - available. - * cipher/cipher.c (_gcry_cipher_open_internal): Setup OCB bulk - functions for AES. - * cipher/rijndael-aesni.c (get_l, aesni_ocb_enc, aes_ocb_dec) - (_gcry_aes_aesni_ocb_crypt, _gcry_aes_aesni_ocb_auth): New. - * cipher/rijndael.c [USE_AESNI] (_gcry_aes_aesni_ocb_crypt) - (_gcry_aes_aesni_ocb_auth): New prototypes. - (_gcry_aes_ocb_crypt, _gcry_aes_ocb_auth): New. - * src/cipher.h (_gcry_aes_ocb_crypt, _gcry_aes_ocb_auth): New - prototypes. - * tests/basic.c (check_ocb_cipher_largebuf): New. - (check_ocb_cipher): Add large buffer encryption/decryption test. - -2015-04-15 Werner Koch - - tests: Add option to time the S2K function. - + commit fe38d3815b4cd203cd529949e244aca80d32897f - * tests/t-kdf.c: Include stopwatch.h. - (dummy_consumer): new. - (bench_s2k): New. - (main): Add option parser and option --s2k. - - tests: Improve stopwatch.h. - + commit 3b03a3b493233a472da531d8d9582d1be6d376b0 - * tests/stopwatch.h (elapsed_time): Add arg divisor. - -2015-04-13 Werner Koch - - mpi: Fix gcry_mpi_copy for NULL opaque data. 
- + commit 9fca46864e1b5a9c788072113589454adb89fa97 - * mpi/mpiutil.c (_gcry_mpi_copy): Copy opaque only if needed. - -2015-03-21 Jussi Kivilinna - - wipememory: use one-byte aligned type for unaligned memory accesses. - + commit a06fbc0d1e98eb1218eff55ad2f37d471e4f33b2 - * src/g10lib.h (fast_wipememory2_unaligned_head): Enable unaligned - access only when HAVE_GCC_ATTRIBUTE_PACKED and - HAVE_GCC_ATTRIBUTE_ALIGNED defined. - (fast_wipememory_t): New. - (fast_wipememory2): Use 'fast_wipememory_t'. - - bufhelp: use one-byte aligned type for unaligned memory accesses. - + commit 92fa5f16d69707e302c0f85b2e5e80af8dc037f1 - * cipher/bufhelp.h (BUFHELP_FAST_UNALIGNED_ACCESS): Enable only when - HAVE_GCC_ATTRIBUTE_PACKED and HAVE_GCC_ATTRIBUTE_ALIGNED are defined. - (bufhelp_int_t): New type. - (buf_cpy, buf_xor, buf_xor_1, buf_xor_2dst, buf_xor_n_copy_2): Use - 'bufhelp_int_t'. - [BUFHELP_FAST_UNALIGNED_ACCESS] (bufhelp_u32_t, bufhelp_u64_t): New. - [BUFHELP_FAST_UNALIGNED_ACCESS] (buf_get_be32, buf_get_le32) - (buf_put_be32, buf_put_le32, buf_get_be64, buf_get_le64) - (buf_put_be64, buf_put_le64): Use 'bufhelp_uXX_t'. - * configure.ac (gcry_cv_gcc_attribute_packed): New. - - tests/bench-slope: fix memory-leak and use-after-free bugs. - + commit aa234561d00c3fb15fe501df4bf58f3db7c7c06b - * tests/bench-slope.c (do_slope_benchmark): Free 'measurements' at end. - (bench_mac_init): Move 'key' free at end of function. - -2015-03-19 Werner Koch - - Fix two pedantic warnings. - + commit f5832285b0e420d77be1b8da10a1e1d86583b414 - * src/gcrypt.h.in (gcry_mpi_flag, gcry_mac_algos): Remove trailing - comma. - -2015-03-16 Werner Koch - - Use well defined type instead of size_t in secmem.c. - + commit db8ae3616987fa288173446398a107e31e2e28aa - * src/secmem.c (ptr_into_pool_p): Replace size_t by uintptr_t. - - Make uintptr_t global available. - + commit f0f60c1a04d664936bcf52e8f46705bdc63e7ad9 - * cipher/bufhelp.h: Move include for uintptr_t to ... - * src/types.h: here. 
Check that config.h has been included. - - mpi: Remove useless condition. - + commit 0a9cdb8ae092d050ca12a7a4f2f50e25b82154ec - * mpi/mpi-pow.c: Remove condition rp==mp. - - cipher: Remove useless NULL check. - + commit fbb97dcf763e28e81e01092ad4c934b3eaf88cc8 - * cipher/hash-common.c (_gcry_md_block_write): Remove NUL check for - hd->buf. - -2015-02-28 Jussi Kivilinna - - Fix in-place encryption for OCB mode. - + commit 5e66a4f8d5a63f58caeee367433dd8dd32346083 - * cipher/cipher-ocb.c (ocb_checksum): New. - (ocb_crypt): Move checksum calculation outside main crypt loop, do - checksum calculation for encryption before inbuf is overwritten. - * tests/basic.c (check_ocb_cipher): Rename to ... - (do_check_ocb_cipher): ... to this and add argument for testing - in-place encryption/decryption. - (check_ocb_cipher): New. - -2015-02-27 NIIBE Yutaka - - tests: fix t-sexp.c. - + commit 505decf5369970219ddc9e78a20f97c623957b78 - * tests/t-sexp.c (bug_1594): Free N and PUBKEY. - - mpi: Avoid data-dependent timing variations in mpi_powm. - + commit 6636c4fd0c6ceab9f79827bf96967d1e112c0b82 - * mpi/mpi-pow.c (mpi_powm): Access all data in the table by - mpi_set_cond. - - mpi: Revise mpi_powm. - + commit 1fa8cdb933505960d4e4b4842b122d4e06953e88 - * mpi/mpi-pow.c (_gcry_mpi_powm): Rename the table to PRECOMP. - -2015-02-23 Werner Koch - - cipher: Use ciphertext blinding for Elgamal decryption. - + commit 410d70bad9a650e3837055e36f157894ae49a57d - * cipher/elgamal.c (USE_BLINDING): New. - (decrypt): Rewrite to use ciphertext blinding. - -2015-02-12 NIIBE Yutaka - - mpi: Add mpi_set_cond. - + commit 653a9fa1a3a4c35a4dc1841cb57d7e2a318f3288 - * mpi/mpiutil.c (_gcry_mpi_set_cond): New. - (_gcry_mpi_swap_cond): Fix types. - * src/mpi.h (mpi_set_cond): New. - -2015-01-30 Werner Koch - - w32: Use -static-libgcc to avoid linking to libgcc_s_sjlj-1.dll. - + commit 40a7bdf50e19faaf106470897fed72af623adc50 - * src/Makefile.am (extra_ltoptions): New. - (libgcrypt_la_LDFLAGS): Use it. 
- -2015-01-28 Werner Koch - - Fix building of GOST s-boxes when cross-compiling. - + commit 2564d204e408b296425ac0660c6bdc6270575fb6 - * cipher/Makefile.am (gost-s-box): USe CC_FOR_BUILD. - (noinst_PROGRAMS): Remove. - (EXTRA_DIST): New. - (CLEANFILES): New. - -2015-01-20 Jussi Kivilinna - - rijndael: fix wrong ifdef for SSSE3 setkey. - + commit ceaa97f0d849c07f3a15b642fc3a2b0a477b4a47 - * cipher/rijndael.c (do_setkey): Use USE_SSSE3 instead of USE_AESNI - around SSSE3 setkey selection. - -2015-01-16 Werner Koch - - Add OCB cipher mode. - + commit 067d7d8752d4d8a98f8e0e5e9b1a5b13e1b7ff9c - * cipher/cipher-ocb.c: New. - * cipher/Makefile.am (libcipher_la_SOURCES): Add cipher-ocb.c - * cipher/cipher-internal.h (OCB_BLOCK_LEN, OCB_L_TABLE_SIZE): New. - (gcry_cipher_handle): Add fields marks.finalize and u_mode.ocb. - * cipher/cipher.c (_gcry_cipher_open_internal): Add OCB mode. - (_gcry_cipher_open_internal): Setup default taglen of OCB. - (cipher_reset): Clear OCB specific data. - (cipher_encrypt, cipher_decrypt, _gcry_cipher_authenticate) - (_gcry_cipher_gettag, _gcry_cipher_checktag): Call OCB functions. - (_gcry_cipher_setiv): Add OCB specific nonce setting. - (_gcry_cipher_ctl): Add GCRYCTL_FINALIZE and GCRYCTL_SET_TAGLEN - - * src/gcrypt.h.in (GCRYCTL_SET_TAGLEN): New. - (gcry_cipher_final): New. - - * cipher/bufhelp.h (buf_xor_1): New. - - * tests/basic.c (hex2buffer): New. - (check_ocb_cipher): New. - (main): Call it here. Add option --cipher-modes. - * tests/bench-slope.c (bench_aead_encrypt_do_bench): Call - gcry_cipher_final. - (bench_aead_decrypt_do_bench): Ditto. - (bench_aead_authenticate_do_bench): Ditto. Check error code. - (bench_ocb_encrypt_do_bench): New. - (bench_ocb_decrypt_do_bench): New. - (bench_ocb_authenticate_do_bench): New. - (ocb_encrypt_ops): New. - (ocb_decrypt_ops): New. - (ocb_authenticate_ops): New. - (cipher_modes): Add them. - (cipher_bench_one): Skip wrong block length for OCB. 
- * tests/benchmark.c (cipher_bench): Add field noncelen to MODES. Add - OCB support. - -2015-01-15 Werner Koch - - Add functions to count trailing zero bits in a word. - + commit 9d2a22c94ae99f9301321082c4fb8d73f4085fda - * cipher/bithelp.h (_gcry_ctz, _gcry_ctz64): New. - * configure.ac (HAVE_BUILTIN_CTZ): Add new test. - -2015-01-08 Werner Koch - - cipher: Prepare for OCB mode. - + commit 9d328962660da72f094dc5424d5ef67abbaffdf6 - * src/gcrypt.h.in (GCRY_CIPHER_MODE_OCB): New. - -2015-01-06 Werner Koch - - Make make distcheck work again. - + commit 4f7dcdc25af269b12275126edeef30b262fb891d - * Makefile.am (DISTCHECK_CONFIGURE_FLAGS): Remove --enable-ciphers. - * cipher/Makefile.am (DISTCLEANFILES): Add gost-sb.h. - -2015-01-06 Dmitry Eremin-Solenikov - - stribog: Reduce table size to the needed one. - + commit e4de52378a85cf383994ded8edf0d5cf98dcb10c - * cipher/stribog.c (C16): Avoid allocating superfluous space. - - gostr3411-94: Fix the iteration count for length filling loop. - + commit 05dc5bcd234909ae9c9366b653346076b9a834ed - * cipher/gostr3411-94.c (gost3411_final): Fix loop - -2015-01-05 Werner Koch - - random: Silent warning under NetBSD using rndunix. - + commit 817472358a093438e802380caecf7139406400cf - * random/rndunix.c (STDERR_FILENO): Define if needed. - (start_gatherer): Re-open standard descriptors. Fix an - unsigned/signed pointer warning. - - primegen: Fix memory leak for invalid call sequences. - + commit 8c5eee51d9a25b143e41ffb7ff4a6b2a29b82d83 - * cipher/primegen.c (prime_generate_internal): Refactor generator code - to not leak memory for non-implemented feature. - (_gcry_prime_group_generator): Refactor to not leak memory for invalid - args. Also make sure that R_G is set as soon as possible. - - doc: Update yat2m to current upstream version (GnuPG). - + commit dd5df198727ea5d8f6b04288e14fd732051453c8 - - - build: Require automake 1.14. 
- + commit f65276970a6dcd6d9bca94cecc49b68acdcc9492 - * configure.ac (AM_INIT_AUTOMAKE): Add serial-tests. - - Replace camel case of internal scrypt functions. - + commit 1a6d65ac0aab335541726d02f2046d883a768ec3 - * cipher/scrypt.c (_salsa20_core): Rename to salsa20_core. Change - callers. - (_scryptBlockMix): Rename to scrypt_block_mix. Change callers. - (_scryptROMix): Rename to scrypt_ro_mix. Change callers. - -2015-01-02 Jussi Kivilinna - - rmd160: restore native-endian store in _gcry_rmd160_mixblock. - + commit d7c7453cf5e6b8f3c6b522a30e680f844a28c9de - * cipher/rmd160.c (_gcry_rmd160_mixblock): Store result to buffer in - native-endianess. - -2014-12-27 Jussi Kivilinna - - Add Intel SSSE3 based vector permutation AES implementation. - + commit 8eabecc883332156adffc1df42d27f614c157e06 - * cipher/Makefile.am: Add 'rijndael-ssse3-amd64.c'. - * cipher/rijndael-internal.h (USE_SSSE3): New. - (RIJNDAEL_context_s) [USE_SSSE3]: Add 'use_ssse3'. - * cipher/rijndael-ssse3-amd64.c: New. - * cipher/rijndael.c [USE_SSSE3] (_gcry_aes_ssse3_do_setkey) - (_gcry_aes_ssse3_prepare_decryption, _gcry_aes_ssse3_encrypt) - (_gcry_aes_ssse3_decrypt, _gcry_aes_ssse3_cfb_enc) - (_gcry_aes_ssse3_cbc_enc, _gcry_aes_ssse3_ctr_enc) - (_gcry_aes_ssse3_cfb_dec, _gcry_aes_ssse3_cbc_dec): New. - (do_setkey): Add HWF check for SSSE3 and setup for SSSE3 - implementation. - (prepare_decryption, _gcry_aes_cfb_enc, _gcry_aes_cbc_enc) - (_gcry_aes_ctr_enc, _gcry_aes_cfb_dec, _gcry_aes_cbc_dec): Add - selection for SSSE3 implementation. - * configure.ac [host=x86_64]: Add 'rijndael-ssse3-amd64.lo'. - -2014-12-25 Jussi Kivilinna - - random-csprng: fix compiler warnings on ARM. - + commit c2e1f8fea271f3ef8027809547c4a52e0b1e24a2 - * random/random-csprng.c (_gcry_rngcsprng_update_seed_file) - (read_pool): Cast keypool and rndpool to 'unsigned long *' through - 'void *'. - - scrypt: fix compiler warnings on ARM. 
- + commit 1dab4c9422bf0f3cdc7a4d3ccf9db090abd90e94 - * cipher/scrypt.c (_scryptBlockMix): Cast X to 'u32 *' through 'void *'. - - secmem: fix compiler warnings on ARM. - + commit 99faf9cb34f872144313403f29f3379798debfc9 - * src/secmem.c (ADDR_TO_BLOCK, mb_get_next, mb_get_new): Cast pointer - from 'char *' to 'memblock_t *' through 'void *'. - (MB_WIPE_OUT): Remove unneeded cast to 'memblock_t *'. - - hash: fix compiler warning on ARM. - + commit 4515315f61fbf79413e150fbd1d5f5a2435f2bc5 - * cipher/md.c (md_open, md_copy): Cast 'char *' to ctx through - 'void *'. - * cipher/md4.c (md4_final): Use buf_put_* helper instead of - converting 'char *' to 'u32 *'. - * cipher/md5.c (md5_final): Ditto. - * cipher/rmd160.c (_gcry_rmd160_mixblock, rmd160_final): Ditto. - * cipher/sha1.c (sha1_final): Ditto. - * cipher/sha256.c (sha256_final): Ditto. - * cipher/sha512.c (sha512_final): Ditto. - * cipher/tiger.c (tiger_final): Ditto. - - rijndael: fix compiler warnings on ARM. - + commit cc26106dbebeb84d481661813edc3e5aea9a7d99 - * cipher/rijndael-internal.h (RIJNDAEL_context_s): Add u32 variants of - keyschedule arrays to unions u1 and u2. - (keyschedenc32, keyscheddec32): New. - * cipher/rijndael.c (u32_a_t): Remove. - (do_setkey): Add and use tkk[].data32, k_u32, tk_u32 and W_u32; Remove - casting byte arrays to u32_a_t. - (prepare_decryption, do_encrypt_fn, do_decrypt_fn): Use keyschedenc32 - and keyscheddec32; Remove casting byte arrays to u32_a_t. - -2014-12-23 Jussi Kivilinna - - Poly1305-AEAD: updated implementation to match draft-irtf-cfrg-chacha20-poly1305-03 - + commit 520070e02e2e6ee7228945015573a6e1f4895ec3 - * cipher/cipher-internal.h (gcry_cipher_handle): Use separate byte - counters for AAD and data in Poly1305. - * cipher/cipher-poly1305.c (poly1305_fill_bytecount): Remove. - (poly1305_fill_bytecounts, poly1305_do_padding): New. - (poly1305_aad_finish): Fill padding to Poly1305 and do not fill AAD - length. 
- (_gcry_cipher_poly1305_authenticate, _gcry_cipher_poly1305_encrypt) - (_gcry_cipher_poly1305_decrypt): Update AAD and data length separately. - (_gcry_cipher_poly1305_tag): Fill padding and bytecounts to Poly1305. - (_gcry_cipher_poly1305_setkey, _gcry_cipher_poly1305_setiv): Reset - AAD and data byte counts; only allow 96-bit IV. - * cipher/cipher.c (_gcry_cipher_open_internal): Limit Poly1305-AEAD to - ChaCha20 cipher. - * tests/basic.c (_check_poly1305_cipher): Update test-vectors. - (check_ciphers): Limit Poly1305-AEAD checks to ChaCha20. - * tests/bench-slope.c (cipher_bench_one): Ditto. - - chacha20: allow setting counter for stream random access. - + commit 11b8d2d449a7bc664b4371ae14c57caa6704d272 - * cipher/chacha20.c (CHACHA20_CTR_SIZE): New. - (chacha20_ivsetup): Add setup for full counter. - (chacha20_setiv): Allow ivlen == CHACHA20_CTR_SIZE. - - gcm: do not pass extra key pointer for setupM/fillM. - + commit c964321c8a1328e89d636d899a45d68802f5ac9f - * cipher/cipher-gcm-intel-pclmul.c - (_gcry_ghash_setup_intel_pclmul): Remove 'h' parameter. - * cipher/cipher-gcm.c (_gcry_ghash_setup_intel_pclmul): Ditto. - (fillM): Get 'h' pointer from 'c'. - (setupM): Remome 'h' parameter. - (_gcry_cipher_gcm_setkey): Only pass 'c' to setupM. - - rijndael: use more compact look-up tables and add table prefetching. - + commit 2374753938df64f6fd8015b44613806a326eff1a - * cipher/rijndael-internal.h (rijndael_prefetchfn_t): New. - (RIJNDAEL_context): Add 'prefetch_enc_fn' and 'prefetch_dec_fn'. - * cipher/rijndael-tables.h (S, T1, T2, T3, T4, T5, T6, T7, T8, S5, U1) - (U2, U3, U4): Remove. - (encT, dec_tables, decT, inv_sbox): Add. - * cipher/rijndael.c (_gcry_aes_amd64_encrypt_block) - (_gcry_aes_amd64_decrypt_block, _gcry_aes_arm_encrypt_block) - (_gcry_aes_arm_encrypt_block): Add parameter for passing table pointer - to assembly implementation. - (prefetch_table, prefetch_enc, prefetch_dec): New. 
- (do_setkey): Setup context prefetch functions depending on selected - rijndael implementation; Use new tables for key setup. - (prepare_decryption): Use new tables for decryption key setup. - (do_encrypt_aligned): Rename to... - (do_encrypt_fn): ... to this, change to use new compact tables, - make handle unaligned input and unroll rounds loop by two. - (do_encrypt): Remove handling of unaligned input/output; pass table - pointer to assembly implementations. - (rijndael_encrypt, _gcry_aes_cfb_enc, _gcry_aes_cbc_enc) - (_gcry_aes_ctr_enc, _gcry_aes_cfb_dec): Prefetch encryption tables - before encryption. - (do_decrypt_aligned): Rename to... - (do_decrypt_fn): ... to this, change to use new compact tables, - make handle unaligned input and unroll rounds loop by two. - (do_decrypt): Remove handling of unaligned input/output; pass table - pointer to assembly implementations. - (rijndael_decrypt, _gcry_aes_cbc_dec): Prefetch decryption tables - before decryption. - * cipher/rijndael-amd64.S: Use 1+1.25 KiB tables for - encryption+decryption; remove tables from assembly file. - * cipher/rijndael-arm.S: Ditto. - -2014-12-15 Werner Koch - - build: Add configure option --disable-doc. - + commit ad50e360ef4851e66e51a03fc420175636336b58 - * Makefile.am (AUTOMAKE_OPTIONS): Remove. - (doc) [!BUILD_DOC]: Do not recurse into the dir. - * configure.ac (AM_INIT_AUTOMAKE): Add option formerly in Makefile.am. - (BUILD_DOC): Add new am_conditional. - -2014-12-12 Jussi Kivilinna - - rijndael: further optimizations for AES-NI accelerated CBC and CFB bulk modes - + commit 4f46374502eb988d701b904f83819e2cf7b1755c - * cipher/rijndael-aesni.c (do_aesni_enc, do_aesni_dec): Pass - input/output through SSE register XMM0. - (do_aesni_cfb): Remove. - (_gcry_aes_aesni_encrypt, _gcry_aes_aesni_decrypt): Add loading/storing - input/output to/from XMM0. 
- (_gcry_aes_aesni_cfb_enc, _gcry_aes_aesni_cbc_enc) - (_gcry_aes_aesni_cfb_dec): Update to use renewed 'do_aesni_enc' and - move IV loading/storing outside loop. - (_gcry_aes_aesni_cbc_dec): Update to use renewed 'do_aesni_dec'. - - GCM: move Intel PCLMUL accelerated implementation to separate file. - + commit 4a0795af021305f9240f23626a3796157db46bd7 - * cipher/Makefile.am: Add 'cipher-gcm-intel-pclmul.c'. - * cipher/cipher-gcm-intel-pclmul.c: New. - * cipher/cipher-gcm.c [GCM_USE_INTEL_PCLMUL] - (_gcry_ghash_setup_intel_pclmul, _gcry_ghash_intel_pclmul): New - prototypes. - [GCM_USE_INTEL_PCLMUL] (gfmul_pclmul, gfmul_pclmul_aggr4): Move - to 'cipher-gcm-intel-pclmul.c'. - (ghash): Rename to... - (ghash_internal): ...this and move GCM_USE_INTEL_PCLMUL part to new - function in 'cipher-gcm-intel-pclmul.c'. - (setupM): Move GCM_USE_INTEL_PCLMUL part to new function in - 'cipher-gcm-intel-pclmul.c'; Add selection of ghash function based - on available HW acceleration. - (do_ghash_buf): Change use of 'ghash' to 'c->u_mode.gcm.ghash_fn'. - * cipher/internal.h (ghash_fn_t): New. - (gcry_cipher_handle): Remove 'use_intel_pclmul'; Add 'ghash_fn'. - -2014-12-06 Jussi Kivilinna - - rijndael: split Padlock part to separate file. - + commit cbf4c8cb6bbda15eea61885279f2a6f1d4bcedfd - * cipher/Makefile.am: Add 'rijndael-padlock.c'. - * cipher/rijndael-padlock.c: New. - * cipher/rijndael.c (do_padlock, do_padlock_encrypt) - (do_padlock_decrypt): Move to 'rijndael-padlock.c'. - * configure.ac [mpi_cpu_arch=x86]: Add 'rijndael-padlock.lo'. - -2014-12-01 Jussi Kivilinna - - rijndael: refactor to reduce number of #ifdefs and branches. - + commit 3d5b51786e2050c461e9791b59142a731462b66d - * cipher/rijndael-aesni.c (_gcry_aes_aesni_encrypt) - (_gcry_aes_aesni_decrypt): Make return stack burn depth. - * cipher/rijndael-amd64.S (_gcry_aes_amd64_encrypt_block) - (_gcry_aes_amd64_decrypt_block): Ditto. 
- * cipher/rijndael-arm.S (_gcry_aes_arm_encrypt_block) - (_gcry_aes_arm_decrypt_block): Ditto. - * cipher/rijndael-internal.h (RIJNDAEL_context_s) - (rijndael_cryptfn_t): New. - (RIJNDAEL_context): New members 'encrypt_fn' and 'decrypt_fn'. - * cipher/rijndael.c (_gcry_aes_amd64_encrypt_block) - (_gcry_aes_amd64_decrypt_block, _gcry_aes_aesni_encrypt) - (_gcry_aes_aesni_decrypt, _gcry_aes_arm_encrypt_block) - (_gcry_aes_arm_decrypt_block): Change prototypes. - (do_padlock_encrypt, do_padlock_decrypt): New. - (do_setkey): Separate key-length to rounds conversion from - HW features check; Add selection for ctx->encrypt_fn and - ctx->decrypt_fn. - (do_encrypt_aligned, do_decrypt_aligned): Move inside - '[!USE_AMD64_ASM && !USE_ARM_ASM]'; Move USE_AMD64_ASM and - USE_ARM_ASM to... - (do_encrypt, do_decrypt): ...here; Return stack depth; Remove second - temporary buffer from non-aligned input/output case. - (do_padlock): Move decrypt_flag to last argument; Return stack depth. - (rijndael_encrypt): Remove #ifdefs, just call ctx->encrypt_fn. - (_gcry_aes_cfb_enc, _gcry_aes_cbc_enc): Remove USE_PADLOCK; Call - ctx->encrypt_fn in place of do_encrypt/do_encrypt_aligned. - (_gcry_aes_ctr_enc): Call ctx->encrypt_fn in place of - do_encrypt_aligned; Make tmp buffer 16-byte aligned and wipe buffer - after use. - (rijndael_encrypt): Remove #ifdefs, just call ctx->decrypt_fn. - (_gcry_aes_cfb_dec): Remove USE_PADLOCK; Call ctx->decrypt_fn in place - of do_decrypt/do_decrypt_aligned. - (_gcry_aes_cbc_dec): Ditto; Make savebuf buffer 16-byte aligned. - - rijndael: move AES-NI blocks before Padlock. - + commit dbf9e95dd3891f6e6ad370e8ab78fec03595687b - * cipher/rijndael.c (do_setkey, rijndael_encrypt, _gcry_aes_cfb_enc) - (rijndael_decrypt, _gcry_aes_cfb_dec): Move USE_AESNI before - USE_PADLOCK. - (check_decryption_praparation) [USE_PADLOCK]: Move to... - (prepare_decryption) [USE_PADLOCK]: ...here. - - rijndael: split AES-NI functions to separate file. 
- + commit 67d529630e838daeb8cb9c6d7ef660c01ef34fee - * cipher/Makefile.in: Add 'rijndael-aesni.c'. - * cipher/rijndael-aesni.c: New. - * cipher/rijndael-internal.h: New. - * cipher/rijndael.c (MAXKC, MAXROUNDS, BLOCKSIZE, ATTR_ALIGNED_16) - (USE_AMD64_ASM, USE_ARM_ASM, USE_PADLOCK, USE_AESNI, RIJNDAEL_context) - (keyschenc, keyschdec, padlockkey): Move to 'rijndael-internal.h'. - (u128_s, aesni_prepare, aesni_cleanup, aesni_cleanup_2_6) - (aesni_do_setkey, do_aesni_enc, do_aesni_dec, do_aesni_enc_vec4) - (do_aesni_dec_vec4, do_aesni_cfb, do_aesni_ctr, do_aesni_ctr_4): Move - to 'rijndael-aesni.c'. - (prepare_decryption, rijndael_encrypt, _gcry_aes_cfb_enc) - (_gcry_aes_cbc_enc, _gcry_aes_ctr_enc, rijndael_decrypt) - (_gcry_aes_cfb_dec, _gcry_aes_cbc_dec) [USE_AESNI]: Move to functions - in 'rijdael-aesni.c'. - * configure.ac [mpi_cpu_arch=x86]: Add 'rijndael-aesni.lo'. - -2014-11-24 Werner Koch - - Remove duplicated prototypes. - + commit d53ea84bed37b973f7ce59262c50b33700cd8311 - * src/gcrypt-int.h (_gcry_mpi_ec_new, _gcry_mpi_ec_set_mpi) - (gcry_mpi_ec_set_point): Remove. - - tests: Add a prime mode to benchmark. - + commit 1b4210c204a5ef5e631187509e011b8468a134ef - * tests/benchmark.c (progress_cb): Add a single char mode. - (prime_bench): New. - (main): Add a "prime" mode. Factor with_progress out to file scope. - -2014-11-19 NIIBE Yutaka - - ecc: Improve Montgomery curve implementation. - + commit e6130034506013d6153465a2bedb6fb08a43f74d - * cipher/ecc-curves.c (_gcry_ecc_fill_in_curve): Support - MPI_EC_MONTGOMERY. - * cipher/ecc.c (test_ecdh_only_keys): New. - (nist_generate_key): Call test_ecdh_only_keys for MPI_EC_MONTGOMERY. - (check_secret_key): Handle Montgomery curve of x-coordinate only. - * mpi/ec.c (_gcry_mpi_ec_mul_point): Resize points before the loop. - Simplify, using pointers of Q1, Q2, PRD, and SUM. - -2014-11-02 Jussi Kivilinna - - Disable NEON for CPUs that are known to have broken NEON implementation. 
- + commit 95eef21583d8e998efc48f22898c1ae31b77cb48 - * src/hwf-arm.c (detect_arm_proc_cpuinfo): Add parsing for CPU version - information and check if CPU is known to have broken NEON - implementation. - (_gcry_hwf_detect_arm): Filter out broken HW features. - - Add ARM/NEON implementation of Poly1305. - + commit 0b520128551054d83fb0bb2db8873394f38de498 - * cipher/Makefile.am: Add 'poly1305-armv7-neon.S'. - * cipher/poly1305-armv7-neon.S: New. - * cipher/poly1305-internal.h (POLY1305_USE_NEON) - (POLY1305_NEON_BLOCKSIZE, POLY1305_NEON_STATESIZE) - (POLY1305_NEON_ALIGNMENT): New. - * cipher/poly1305.c [POLY1305_USE_NEON] - (_gcry_poly1305_armv7_neon_init_ext) - (_gcry_poly1305_armv7_neon_finish_ext) - (_gcry_poly1305_armv7_neon_blocks, poly1305_armv7_neon_ops): New. - (_gcry_poly1305_init) [POLY1305_USE_NEON]: Select NEON implementation - if HWF_ARM_NEON set. - * configure.ac [neonsupport=yes]: Add 'poly1305-armv7-neon.lo'. - - chacha20: add ARMv7/NEON implementation. - + commit c584f44543883346d5a565581ff99a0afce9c5e1 - * cipher/Makefile.am: Add 'chacha20-armv7-neon.S'. - * cipher/chacha20-armv7-neon.S: New. - * cipher/chacha20.c (USE_NEON): New. - [USE_NEON] (_gcry_chacha20_armv7_neon_blocks): New. - (chacha20_do_setkey) [USE_NEON]: Use Neon implementation if - HWF_ARM_NEON flag set. - (selftest): Self-test encrypting buffer byte by byte. - * configure.ac [neonsupport=yes]: Add 'chacha20-armv7-neon.lo'. - -2014-10-08 Markus Teich - - mpi: Add gcry_mpi_ec_sub. - + commit 23ecadf309f8056c35cc092e58df801ac0eab862 - * NEWS (gcry_mpi_ec_sub): New. - * doc/gcrypt.texi (gcry_mpi_ec_sub): New. - * mpi/ec.c (_gcry_mpi_ec_sub, sub_points_edwards): New. - (sub_points_montgomery, sub_points_weierstrass): New stubs. - * src/gcrypt-int.h (_gcry_mpi_ec_sub): New. - * src/gcrypt.h.in (gcry_mpi_ec_sub): New. - * src/libgcrypt.def (gcry_mpi_ec_sub): New. - * src/libgcrypt.vers (gcry_mpi_ec_sub): New. - * src/mpi.h (_gcry_mpi_ec_sub_points): New. 
- * src/visibility.c (gcry_mpi_ec_sub): New. - * src/visibility.h (gcry_mpi_ec_sub): New. - -2014-10-08 Werner Koch - - Fix prime test for 2 and lower and add check command to mpicalc. - + commit 5c906e2cdb14e93fb4915fdc69c7353a5fa35709 - * cipher/primegen.c (check_prime): Return true for the small primes. - (_gcry_prime_check): Return correct values for 2 and lower numbers. - - * src/mpicalc.c (do_primecheck): New. - (main): Add command 'P'. - (main): Allow for larger input data. - -2014-10-04 Jussi Kivilinna - - Add Whirlpool AMD64/SSE2 assembly implementation. - + commit de0ccd4dce7ec185a678d78878d4538dd609ca0f - * cipher/Makefile.am: Add 'whirlpool-sse2-amd64.S'. - * cipher/whirlpool-sse2-amd64.S: New. - * cipher/whirlpool.c (USE_AMD64_ASM): New. - (whirlpool_tables_s): New. - (rc, C0, C1, C2, C3, C4, C5, C6, C7): Combine these tables into single - structure and replace old tables with macros of same name. - (tab): New structure containing above tables. - [USE_AMD64_ASM] (_gcry_whirlpool_transform_amd64) - (whirlpool_transform): New. - * configure.ac [host=x86_64]: Add 'whirlpool-sse2-amd64.lo'. - -2014-10-04 Andrei Scherer - - Improved ripemd160 performance. - + commit 30bd759f398f45b04d0a783b875f59ce9bd1e51d - * cipher/rmd160.c (transform): Interleave the left and right lane - rounds to introduce more instruction level parallelism. - -2014-10-02 Werner Koch - - build: Document SYSROOT. - + commit 0ecd136a6ca02252f63ad229fa5240897bfe6544 - * configure.ac: Mark SYSROOT as arg var. - - build: Support SYSROOT based config script finding. - + commit 1e8b86494cf8fa045696bd447b16267ffd1797f0 - * src/libgcrypt.m4: Add support for SYSROOT and set - gpg_config_script_warn. Use AC_PATH_PROG instead of AC_PATH_TOOL - because the config script is not expected to be installed with a - prefix for its name - * configure.ac: Print a library mismatch warning. - * m4/gpg-error.m4: Update from git master. 
- -2014-09-30 Werner Koch - - mac: Fix gcry_mac_close to allow for a NULL handle. - + commit 51dae8c8c4b63bb5e1685cbd8722e35342524737 - * cipher/mac.c (_gcry_mac_close): Check for NULL. - -2014-09-03 Werner Koch - - Add a constant for a forthcoming new RNG. - + commit 8b960a807d168000d2690897a7634bd384ac1346 - * src/gcrypt.h.in (GCRYCTL_DRBG_REINIT): New constant. - -2014-09-02 Jussi Kivilinna - - Add new Poly1305 MAC test vectors. - + commit 8a2a328742012a7c528dd007437185e4584c1e48 - * tests/basic.c (check_mac): Add new test vectors for Poly1305 MAC. - -2014-09-02 Werner Koch - - asm: Allow building x86 and amd64 using old compilers. - + commit 5eec04a43e6c562e956353449be931dd43dfe1cc - * src/hwf-x86.c (get_xgetbv): Build only if AVX support is enabled. - -2014-08-21 Werner Koch - - sexp: Check args of gcry_sexp_build. - + commit e606d5f1bada1f2d21faeedd3fa2cf2dca7b274c - * src/sexp.c (do_vsexp_sscan): Return error for invalid args. - - cipher: Fix a segv in case of calling with wrong parameters. - + commit f850add813d783f31ca6a60459dea25ef71bce7e - * cipher/md.c (_gcry_md_info): Fix arg testing. - - cipher: Fix possible NULL deref in call to prime generator. - + commit 18056ace7f466cb8c1eaf08e5dc0400516d83b4c - * cipher/primegen.c (_gcry_generate_elg_prime): Change to return an - error code. - * cipher/dsa.c (generate): Take care of new return code. - * cipher/elgamal.c (generate): Change to return an error code. Take - care of _gcry_generate_elg_prime return code. - (generate_using_x): Take care of _gcry_generate_elg_prime return code. - (elg_generate): Propagate return code from generate. - -2014-08-12 NIIBE Yutaka - - ecc: Support Montgomery curve for gcry_mpi_ec_mul_point. - + commit 34bb55ee36df3aca3ebca88f8b61c786cd0c0701 - * mpi/ec.c (_gcry_mpi_ec_get_affine): Support Montgomery curve. - (montgomery_ladder): New. - (_gcry_mpi_ec_mul_point): Implemention using montgomery_ladder. - (_gcry_mpi_ec_curve_point): Check x-coordinate is valid. 
- -2014-08-09 Werner Koch - - tests: Add a benchmark for Elgamal. - + commit e6d354865bf8f3d4c1bb5e8157a76fdd442cff41 - * tests/benchmark.c (sample_public_elg_key_1024): New. - (sample_private_elg_key_1024): New. - (sample_public_elg_key_2048, sample_private_elg_key_2048): New. - (sample_public_elg_key_3072, sample_private_elg_key_3072): New. - (elg_bench): New. - (main): Add elg_bench. Add commands "elg" and "public". - -2014-08-08 NIIBE Yutaka - - ecc: Add cofactor to domain parameters. - + commit 9933b9e5e1a3f5b1019c75f93bd265d4a1ecc270 - * src/ec-context.h (mpi_ec_ctx_s): Add cofactor 'h'. - * cipher/ecc-common.h (elliptic_curve_t): Add cofactor 'h'. - (_gcry_ecc_update_curve_param): New API adding cofactor. - - * cipher/ecc-curves.c (ecc_domain_parms_t): Add cofactor 'h'. - (ecc_domain_parms_t domain_parms): Add cofactors. - (_gcry_ecc_fill_in_curve, _gcry_ecc_update_curve_param) - (_gcry_ecc_get_curve, _gcry_mpi_ec_new, _gcry_ecc_get_param_sexp) - (_gcry_ecc_get_mpi): Handle cofactor. - * cipher/ecc-eddsa.c (_gcry_ecc_eddsa_genkey): Likewise. - * cipher/ecc-misc.c (_gcry_ecc_curve_free) - (_gcry_ecc_curve_copy): Likewise. - * cipher/ecc.c (nist_generate_key, ecc_generate) - (ecc_check_secret_key, ecc_sign, ecc_verify, ecc_encrypt_raw) - (ecc_decrypt_raw, _gcry_pk_ecc_get_sexp, _gcry_pubkey_spec_ecc): - Likewise. - (compute_keygrip): Handle cofactor, but skip it for its computation. - * mpi/ec.c (ec_deinit): Likewise. - * tests/t-mpi-point.c (context_param): Likewise. - (test_curve): Add cofactors. - * tests/curves.c (sample_key_1, sample_key_2): Add cofactors. - * tests/keygrip.c (key_grips): Add cofactors. - -2014-08-05 Werner Koch - - mpi: Fix regression for powerpc-apple-darwin detection. - + commit 4ce77b0a810d3c889c07dfb385127d90fa1ae36a - * mpi/config.links: Add separate entry for powerpc-apple-darwin. - - Fix bug inhibiting the use of the sentinel attribute. - + commit d2d28298ccc0d0f3c0b03fd323deb1e8808ef74f - * src/gcrypt.h.in: Fix typo in macro. 
- - mpi: Use BSD syntax for x86_64-apple-darwin. - + commit 71939faa7c54e7b4b28d115e748a85f134876a02 - * mpi/config.links: Add case for x86_64-apple-darwin. - -2014-08-05 Kristian Fiskerstrand - - Fix building for the x32 target without asm modules. - + commit a17c29844b63e9e869f7855d901bc9d859234ead - * mpi/generic/mpi-asm-defs.h: Use a fixed value for the x32 ABI. - -2014-07-25 Werner Koch - - ecc: Support the non-standard 0x40 compression flag for EdDSA. - + commit 4556f9b19c024f16bdf542da7173395c0741b91d - * cipher/ecc.c (ecc_generate): Check the "comp" flag for EdDSA. - * cipher/ecc-eddsa.c (eddsa_encode_x_y): Add arg WITH_PREFIX. - (_gcry_ecc_eddsa_encodepoint): Ditto. - (_gcry_ecc_eddsa_ensure_compact): Handle the 0x40 compression prefix. - (_gcry_ecc_eddsa_decodepoint): Ditto. - * tests/keygrip.c: Check an compresssed with prefix Ed25519 key. - * tests/t-ed25519.inp: Ditto. - - mpi: Extend the internal mpi_get_buffer. - + commit 0e10902ad7584277ac966367efc712b183784532 - * mpi/mpicoder.c (do_get_buffer): Add arg EXTRAALLOC. - (_gcry_mpi_get_buffer_extra): New. - - cipher: Fix compiler warning for chacha20. - + commit 4e0bf1b9190ce08fb23eb3ae0c3be58954ff36ab - * cipher/chacha20.c (chacha20_blocks) [!USE_SSE2]: Do not build. - -2014-07-16 NIIBE Yutaka - - mpi: Add mpi_swap_cond. - + commit 4846e52728970e3117f3a046ef9010be089a3ae4 - * mpi/mpiutil.c (_gcry_mpi_swap_cond): New. - * src/mpi.h (mpi_swap_cond): New. - -2014-06-29 Jussi Kivilinna - - Speed-up SHA-1 NEON assembly implementation. - + commit 1b9b00bbe41bbed32563f1102049521e703e72bd - * cipher/sha1-armv7-neon.S: Tweak implementation for speed-up. - -2014-06-28 Dmitry Eremin-Solenikov - - gostr3411_94: rewrite to use u32 mathematic. - + commit 066f068bd0bc4d8e01f1f18b6153cdc8d2c245d7 - * cipher/gost28147.c (_gcry_gost_enc_data): New. - * cipher/gostr3411-94.c: Rewrite implementation to use u32 mathematic - internally. - * cipher/gost28147.c (_gcry_gost_enc_one): Remove. 
- - gost28147: use bufhelp helpers. - + commit 7aeba6c449169926076df83b01ddbfa6b41fe411 - * cipher/gost28147.c (gost_setkey, gost_encrypt_block, gost_decrypt_block): - use buf_get_le32/buf_put_le32 helpers. - - Fixup curve name in the GOST2012 test case. - + commit b78d504fa8745b8b04589acbbcf7dd5fe9279d13 - * tests/basic.c (check_pubkey): fixup curve name in public key. - - Update PBKDF2 tests with GOST R 34.11-94 test cases. - + commit 7533b2ad46f42e98d9dba52e88e79c0311d2d3b7 - * tests/t-kdf.c (check_pbkdf2): Add MD_GOSTR3411_CP test cases. - - Add GOST R 34.11-94 variant using id-GostR3411-94-CryptoProParamSet. - + commit 25d6af77e2336b5979ddbe8b90978fe5b61dfaf9 - * src/gcrypt.h.in (GCRY_MD_GOSTR3411_CP): New. - * src/cipher.h (_gcry_digest_spec_gost3411_cp): New. - * cipher/gost28147.c (_gcry_gost_enc_one): Differentiate between - CryptoPro and Test S-Boxes. - * cipher/gostr3411-94.c (_gcry_digest_spec_gost3411_cp, - gost3411_cp_init): New. - * cipher/md.c (md_open): GCRY_MD_GOSTR3411_CP also uses B=32. - - gost28147: support GCRYCTL_SET_SBOX. - + commit 5ee35a04362c94e680ef3633fa83b72e0aee8626 - cipher/gost28147.c (gost_set_extra_info, gost_set_sbox): New. - - Support setting s-box for the ciphers that require it. - + commit fb074d113fcbf66a5c20592625cb19051f3430f5 - * src/gcrypt.h.in (GCRYCTL_SET_SBOX, gcry_cipher_set_sbox): New. - * cipher/cipher.c (_gcry_cipher_ctl): pass GCRYCTL_SET_SBOX to - set_extra_info callback. - - cipher/gost28147: generate optimized s-boxes from compact ones. - + commit 164738a0292b3f32c7747099ad9cadace58e5eda - * cipher/gost-s-box.c: New. Outputs optimized expanded representation of - s-boxes (4x256) from compact 16x8 representation. - * cipher/Makefile.am: Add gost-sb.h dependency to gost28147.lo - * cipher/gost.h: Add sbox to the GOST28147_context structure. - * cipher/gost28147.c (gost_setkey): Set default s-box to test s-box from - GOST R 34.11 (this was the only one S-box before). 
- * cipher/gost28147.c (gost_val): Use sbox from the context. - - gost28147: add OIDs used to define cipher mode. - + commit 34a58010000288515636706811c3837f32957b2e - * cipher/gost28147 (oids_gost28147): Add OID from RFC4357. - - GOST R 34.11-94 add OIDs. - + commit 8b221cf5ce233c8c49a4e4ecebb70d523fc37837 - * cipher/gostr3411-94.c: Add OIDs for GOST R 34.11-94 from RFC 4357. - -2014-05-21 Jussi Kivilinna - - tests: add larger test-vectors for hash algorithms. - + commit f14fb5b427b5159fcd9603d2b3cde936889cf430 - * tests/basic.c (check_digests): Add large test-vectors for MD5, SHA1, - SHA224, SHA256, SHA384, RMD160, CRC32, TIGER1, WHIRLPOOL and - GOSTR3411_94. - - sha512: fix ARM/NEON implementation. - + commit beb901575f0d6cd6a0a27506ebea9a725754d0cc - * cipher/sha512-armv7-neon.S - (_gcry_sha512_transform_armv7_neon): Byte-swap RW67q and RW1011q - correctly in multi-block loop. - * tests/basic.c (check_digests): Add large test vector for SHA512. - -2014-05-20 Jussi Kivilinna - - Fix ARM assembly when building __PIC__ - + commit 994c758d8f5471c7e9c38c2834742cca2502d35f - * cipher/camellia-arm.S (GET_DATA_POINTER): New. - (_gcry_camellia_arm_encrypt_block): Use GET_DATA_POINTER. - (_gcry_camellia_arm_decrypt_block): Ditto. - * cipher/cast5-arm.S (GET_DATA_POINTER): New. - (_gcry_cast5_arm_encrypt_block, _gcry_cast5_arm_decrypt_block) - (_gcry_cast5_arm_enc_blk2, _gcry_cast5_arm_dec_blk2): Use - GET_DATA_POINTER. - * cipher/rijndael-arm.S (GET_DATA_POINTER): New. - (_gcry_aes_arm_encrypt_block, _gcry_aes_arm_decrypt_block): Use - GET_DATA_POINTER. - * cipher/sha1-armv7-neon.S (GET_DATA_POINTER): New. - (.LK_VEC): Move from .text to .data section. - (_gcry_sha1_transform_armv7_neon): Use GET_DATA_POINTER. - -2014-05-17 Jussi Kivilinna - - Add Poly1305 to documentation. - + commit bf4943932dae95a0573b63bf32a9b9acd5a6ddf3 - * doc/gcrypt.texi: Add documentation for Poly1305 MACs and AEAD mode. 
- -2014-05-16 Jussi Kivilinna - - chacha20: add SSE2/AMD64 optimized implementation. - + commit 323b1eb80ff3396d83fedbe5bba9a4e6c412d192 - * cipher/Makefile.am: Add 'chacha20-sse2-amd64.S'. - * cipher/chacha20-sse2-amd64.S: New. - * cipher/chacha20.c (USE_SSE2): New. - [USE_SSE2] (_gcry_chacha20_amd64_sse2_blocks): New. - (chacha20_do_setkey) [USE_SSE2]: Use SSE2 implementation for blocks - function. - * configure.ac [host=x86-64]: Add 'chacha20-sse2-amd64.lo'. - - poly1305: add AMD64/AVX2 optimized implementation. - + commit 98f021961ee65669037bc8bb552a69fd78f610fc - * cipher/Makefile.am: Add 'poly1305-avx2-amd64.S'. - * cipher/poly1305-avx2-amd64.S: New. - * cipher/poly1305-internal.h (POLY1305_USE_AVX2) - (POLY1305_AVX2_BLOCKSIZE, POLY1305_AVX2_STATESIZE) - (POLY1305_AVX2_ALIGNMENT): New. - (POLY1305_LARGEST_BLOCKSIZE, POLY1305_LARGEST_STATESIZE) - (POLY1305_STATE_ALIGNMENT): Use AVX2 versions when needed. - * cipher/poly1305.c [POLY1305_USE_AVX2] - (_gcry_poly1305_amd64_avx2_init_ext) - (_gcry_poly1305_amd64_avx2_finish_ext) - (_gcry_poly1305_amd64_avx2_blocks, poly1305_amd64_avx2_ops): New. - (_gcry_poly1305_init) [POLY1305_USE_AVX2]: Use AVX2 implementation if - AVX2 supported by CPU. - * configure.ac [host=x86_64]: Add 'poly1305-avx2-amd64.lo'. - -2014-05-12 Jussi Kivilinna - - poly1305: add AMD64/SSE2 optimized implementation. - + commit 297532602ed2d881d8fdc393d1961068a143a891 - * cipher/Makefile.am: Add 'poly1305-sse2-amd64.S'. - * cipher/poly1305-internal.h (POLY1305_USE_SSE2) - (POLY1305_SSE2_BLOCKSIZE, POLY1305_SSE2_STATESIZE) - (POLY1305_SSE2_ALIGNMENT): New. - (POLY1305_LARGEST_BLOCKSIZE, POLY1305_LARGEST_STATESIZE) - (POLY1305_STATE_ALIGNMENT): Use SSE2 versions when needed. - * cipher/poly1305-sse2-amd64.S: New. - * cipher/poly1305.c [POLY1305_USE_SSE2] - (_gcry_poly1305_amd64_sse2_init_ext) - (_gcry_poly1305_amd64_sse2_finish_ext) - (_gcry_poly1305_amd64_sse2_blocks, poly1305_amd64_sse2_ops): New. 
- (_gcry_polu1305_init) [POLY1305_USE_SSE2]: Use SSE2 version. - * configure.ac [host=x86_64]: Add 'poly1305-sse2-amd64.lo'. - - Add Poly1305 based cipher AEAD mode. - + commit e813958419b0ec4439e6caf07d3b2234cffa2bfa - * cipher/Makefile.am: Add 'cipher-poly1305.c'. - * cipher/cipher-internal.h (gcry_cipher_handle): Add 'u_mode.poly1305'. - (_gcry_cipher_poly1305_encrypt, _gcry_cipher_poly1305_decrypt) - (_gcry_cipher_poly1305_setiv, _gcry_cipher_poly1305_authenticate) - (_gcry_cipher_poly1305_get_tag, _gcry_cipher_poly1305_check_tag): New. - * cipher/cipher-poly1305.c: New. - * cipher/cipher.c (_gcry_cipher_open_internal, cipher_setkey) - (cipher_reset, cipher_encrypt, cipher_decrypt, _gcry_cipher_setiv) - (_gcry_cipher_authenticate, _gcry_cipher_gettag) - (_gcry_cipher_checktag): Handle 'GCRY_CIPHER_MODE_POLY1305'. - (cipher_setiv): Move handling of 'GCRY_CIPHER_MODE_GCM' to ... - (_gcry_cipher_setiv): ... here, as with other modes. - * src/gcrypt.h.in: Add 'GCRY_CIPHER_MODE_POLY1305'. - * tests/basic.c (_check_poly1305_cipher, check_poly1305_cipher): New. - (check_ciphers): Add Poly1305 check. - (check_cipher_modes): Call 'check_poly1305_cipher'. - * tests/bench-slope.c (bench_gcm_encrypt_do_bench): Rename to - bench_aead_... and take nonce as argument. - (bench_gcm_decrypt_do_bench, bench_gcm_authenticate_do_bench): Ditto. - (bench_gcm_encrypt_do_bench, bench_gcm_decrypt_do_bench) - (bench_gcm_authenticate_do_bench, bench_poly1305_encrypt_do_bench) - (bench_poly1305_decrypt_do_bench) - (bench_poly1305_authenticate_do_bench, poly1305_encrypt_ops) - (poly1305_decrypt_ops, poly1305_authenticate_ops): New. - (cipher_modes): Add Poly1305. - (cipher_bench_one): Add special handling for Poly1305. - - Add Poly1305-AES (-Camellia, etc) MACs. 
- + commit 73b3b75c2221a6e3bed4117e0a206a1193acd2ed - * cipher/mac-internal.h (_gcry_mac_type_spec_poly1305_aes) - (_gcry_mac_type_spec_poly1305_camellia) - (_gcry_mac_type_spec_poly1305_twofish) - (_gcry_mac_type_spec_poly1305_serpent) - (_gcry_mac_type_spec_poly1305_seed): New. - * cipher/mac-poly1305.c (poly1305mac_context_s): Add 'hd' and - 'nonce_set'. - (poly1305mac_open, poly1305mac_close, poly1305mac_setkey): Add handling - for Poly1305-*** MACs. - (poly1305mac_prepare_key, poly1305mac_setiv): New. - (poly1305mac_reset, poly1305mac_write, poly1305mac_read): Add handling - for 'nonce_set'. - (poly1305mac_ops): Add 'poly1305mac_setiv'. - (_gcry_mac_type_spec_poly1305_aes) - (_gcry_mac_type_spec_poly1305_camellia) - (_gcry_mac_type_spec_poly1305_twofish) - (_gcry_mac_type_spec_poly1305_serpent) - (_gcry_mac_type_spec_poly1305_seed): New. - * cipher/mac.c (mac_list): Add Poly1305-AES, Poly1305-Twofish, - Poly1305-Serpent, Poly1305-SEED and Poly1305-Camellia. - * src/gcrypt.h.in: Add 'GCRY_MAC_POLY1305_AES', - 'GCRY_MAC_POLY1305_CAMELLIA', 'GCRY_MAC_POLY1305_TWOFISH', - 'GCRY_MAC_POLY1305_SERPENT' and 'GCRY_MAC_POLY1305_SEED'. - * tests/basic.c (check_mac): Add Poly1305-AES test vectors. - * tests/bench-slope.c (bench_mac_init): Set IV for Poly1305-*** MACs. - * tests/bench-slope.c (mac_bench): Set IV for Poly1305-*** MACs. - - Add Poly1305 MAC. - + commit b8794fed68ebe7567f4617141f0996ad290d9120 - * cipher/Makefile.am: Add 'mac-poly1305.c', 'poly1305.c' and - 'poly1305-internal.h'. - * cipher/mac-internal.h (poly1305mac_context_s): New. - (gcry_mac_handle): Add 'u.poly1305mac'. - (_gcry_mac_type_spec_poly1305mac): New. - * cipher/mac-poly1305.c: New. - * cipher/mac.c (mac_list): Add Poly1305. - * cipher/poly1305-internal.h: New. - * cipher/poly1305.c: New. - * src/gcrypt.h.in: Add 'GCRY_MAC_POLY1305'. - * tests/basic.c (check_mac): Add Poly1035 test vectors; Allow - overriding lengths of data and key buffers. 
- * tests/bench-slope.c (mac_bench): Increase max algo number from 500 to - 600. - * tests/benchmark.c (mac_bench): Ditto. - - chacha20/AVX2: clear upper-halfs of YMM registers on entry. - + commit c20daeeb05329bfc6cc2c562cbd4b965291fe0e1 - * cipher/chacha20-avx2-amd64.S (_gcry_chacha20_amd64_avx2_blocks): Add - 'vzeroupper' at beginning. - - chacha20/AVX2: check for ENABLE_AVX2_SUPPORT instead of HAVE_GCC_INLINE_ASM_AVX2 - + commit a3062db748f272e0f7346e1ed9e0bf7ed61a4eae - * cipher/chacha20.c (USE_AVX2): Enable depending on - ENABLE_AVX2_SUPPORT, not HAVE_GCC_INLINE_ASM_AVX2. - * cipher/chacha20-avx2-amd64.S: Ditto. - - chacha20/SSSE3: clear XMM registers after use. - + commit a7d9eeeba632b7eb4a5b15ff17f6565181642f3c - * cipher/chacha20-ssse3-amd64.S (_gcry_chacha20_amd64_ssse3_blocks): On - return, clear XMM registers. - -2014-05-11 Jussi Kivilinna - - chacha20: add AVX2/AMD64 assembly implementation. - + commit a39ee7555691d18cae97560f130aaf952bfbd278 - * cipher/Makefile.am: Add 'chacha20-avx2-amd64.S'. - * cipher/chacha20-avx2-amd64.S: New. - * cipher/chacha20.c (USE_AVX2): New macro. - [USE_AVX2] (_gcry_chacha20_amd64_avx2_blocks): New. - (chacha20_do_setkey): Select AVX2 implementation if there is HW - support. - (selftest): Increase size of buf by 256. - * configure.ac [host=x86-64]: Add 'chacha20-avx2-amd64.lo'. - - chacha20: add SSSE3 assembly implementation. - + commit def7d4cad386271c6d4e2f10aabe0cb4abd871e4 - * cipher/Makefile.am: Add 'chacha20-ssse3-amd64.S'. - * cipher/chacha20-ssse3-amd64.S: New. - * cipher/chacha20.c (USE_SSSE3): New macro. - [USE_SSSE3] (_gcry_chacha20_amd64_ssse3_blocks): New. - (chacha20_do_setkey): Select SSSE3 implementation if there is HW - support. - * configure.ac [host=x86-64]: Add 'chacha20-ssse3-amd64.lo'. - - Add ChaCha20 stream cipher. - + commit 23f33d57c9b6f2295a8ddfc9a8eee5a2c30cf406 - * cipher/Makefile.am: Add 'chacha20.c'. - * cipher/chacha20.c: New. - * cipher/cipher.c (cipher_list): Add ChaCha20. 
- * configure.ac: Add ChaCha20. - * doc/gcrypt.texi: Add ChaCha20. - * src/cipher.h (_gcry_cipher_spec_chacha20): New. - * src/gcrypt.h.in (GCRY_CIPHER_CHACHA20): Add new algo. - * tests/basic.c (MAX_DATA_LEN): Increase to 128 from 100. - (check_stream_cipher): Add ChaCha20 test-vectors. - (check_ciphers): Add ChaCha20. - -2014-05-09 Werner Koch - - mpi: Fix a subtle bug setting spurious bits with in mpi_set_bit. - + commit 246b7aaae1ee459f440260bbc4ec2c01c5dc3362 - * mpi/mpi-bit.c (_gcry_mpi_set_bit, _gcry_mpi_set_highbit): Clear - allocated but not used bits before resizing. - * tests/t-mpi-bits.c (set_bit_with_resize): New. - -2014-05-07 Werner Koch - - Bump LT version. - + commit fc6ff6f73a51bcbbbb3757dc1386da40aa3ae75d - * configure.ac: Bumb LT version to C21/A1/R0. - -2014-04-22 Werner Koch - - random: Small patch for consistency and really burn the stack. - + commit a79c4ad7c56ee4410f17beb73eeb58b0dd36bfc6 - * random/rndlinux.c (_gcry_rndlinux_gather_random): s/int/size_t/. - (_gcry_rndlinux_gather_random): Replace memset by wipememory. - -2014-04-16 Werner Koch - - pubkey: Re-map all depreccated RSA algo numbers. - + commit 773e23698218755e9172d2507031a8263c47cc0b - * cipher/pubkey.c (map_algo): Mape RSA_E and RSA_S. - -2014-04-15 Werner Koch - - cipher: Fix possible NULL dereference. - + commit ae1fbce6dacf14747af0126e640bd4e54cb8c680 - * cipher/md.c (_gcry_md_selftest): Check for spec being NULL. - -2014-03-30 Jussi Kivilinna - - 3des: add amd64 assembly implementation for 3DES. - + commit b76b632a453b8d100d024e2439b4358454dc286e - * cipher/Makefile.am: Add 'des-amd64.S'. - * cipher/cipher-selftests.c (_gcry_selftest_helper_cbc) - (_gcry_selftest_helper_cfb, _gcry_selftest_helper_ctr): Handle failures - from 'setkey' function. - * cipher/cipher.c (_gcry_cipher_open_internal) [USE_DES]: Setup bulk - functions for 3DES. - * cipher/des-amd64.S: New file. - * cipher/des.c (USE_AMD64_ASM, ATTR_ALIGNED_16): New macros. 
- [USE_AMD64_ASM] (_gcry_3des_amd64_crypt_block) - (_gcry_3des_amd64_ctr_enc), _gcry_3des_amd64_cbc_dec) - (_gcry_3des_amd64_cfb_dec): New prototypes. - [USE_AMD64_ASM] (tripledes_ecb_crypt): New function. - (TRIPLEDES_ECB_BURN_STACK): New macro. - (_gcry_3des_ctr_enc, _gcry_3des_cbc_dec, _gcry_3des_cfb_dec) - (bulk_selftest_setkey, selftest_ctr, selftest_cbc, selftest_cfb): New - functions. - (selftest): Add call to CTR, CBC and CFB selftest functions. - (do_tripledes_encrypt, do_tripledes_decrypt): Use - TRIPLEDES_ECB_BURN_STACK. - * configure.ac [host=x86-64]: Add 'des-amd64.lo'. - * src/cipher.h (_gcry_3des_ctr_enc, _gcry_3des_cbc_dec) - (_gcry_3des_cfb_dec): New prototypes. - -2014-03-13 Werner Koch - - tests: Print diagnostics for skipped tests. - + commit 50aeee51a0b1a09dd9fff2bb71749a816fe7a791 - * tests/basic.c (show_note): New. - (show_md_not_available): - (show_old_hmac_not_available): - (show_mac_not_available): - (check_digests): Remove USE_foo cpp tests from the test table. Call - show_md_not_available if algo is not available. - (check_hmac): Likewise. - (check_mac): Likewise. - -2014-03-11 Dmitry Eremin-Solenikov - - Add MD2 message digest implementation. - + commit 5a8e1504bf8a2ffbc018be576dea77b685200444 - * cipher/md2.c: New. - * cipher/md.c (digest_list): add _gcry_digest_spec_md2. - * tests/basic.c (check_digests): add MD2 test vectors. - * configure.ac (default_digests): disable md2 by default. - -2014-03-04 Dmitry Eremin-Solenikov - - Add an utility to calculate hashes over a set of files. - + commit 2b5403c408dfbd71be24c7635f5fa0b61ab4c9bb - * tests/gchash.c: New. - - Add a simple (raw) PKCS#1 padding mode. - + commit ea8d597726305274214224757b32730644e12bd8 - * src/cipher.h (PUBKEY_ENC_PKCS1_RAW): New. - * cipher/pubkey-util.c (_gcry_pk_util_parse_flaglist): Handle pkcs1-raw - flag. 
- * cipher/pubkey-util.c (_gcry_pk_util_data_to_mpi): - Handle s-exp like (data (flags pkcs1-raw) (value xxxxx)) - * cipher/rsa-common.c (_gcry_rsa_pkcs1_encode_raw_for_sig): - PKCS#1-encode data with embedded hash OID for signature verification. - * tests/basic.c (check_pubkey_sign): Add tests for s-exps with pkcs1-raw - flag. - -2014-02-04 Jussi Kivilinna - - Fix ARMv6 detection when CFLAGS modify target CPU architecture. - + commit 6be3032048ee2466511d2384fcf2d28b856219b2 - * configure.ac (gcry_cv_cc_arm_arch_is_v6): Use compiler test instead - of preprocessor test. - -2014-01-29 Werner Koch - - Reserve control code for FIPS extensions. - + commit aea96a64fbc58a0b6f9f435e97e93294c6eb1052 - * src/gcrypt.h.in (GCRYCTL_INACTIVATE_FIPS_FLAG): New. - (GCRYCTL_REACTIVATE_FIPS_FLAG): New. - * src/global.c (_gcry_vcontrol): Add them but return not_implemented. - -2014-01-29 NIIBE Yutaka - - Fix RSA Blinding. - + commit 121a90d8931944974054f7d94f63b7f89df87fa5 - * cipher/rsa.c (rsa_decrypt): Loop to get multiplicative inverse. - -2014-01-28 Werner Koch - - cipher: Take care of ENABLE_NEON_SUPPORT. - + commit 52f7c48c901a3de51bd690a218f3de2f71e8d790 - * cipher/salsa20.c (USE_ARM_NEON_ASM): Define only if - ENABLE_NEON_SUPPORT is defined. - * cipher/serpent.c (USE_NEON): Ditto. - * cipher/sha1.c (USE_NEON): Ditto. - * cipher/sha512.c (USE_ARM_NEON_ASM): Ditto. - - sexp: Fix broken gcry_sexp_nth. - + commit cbdc355415f83ed62da4f3618767eba54d7e6d37 - * src/sexp.c (_gcry_sexp_nth): Return a valid S-expression for a data - element. - (NODE): Remove unused typedef. - (ST_HINT): Comment unused macro. - - * tests/t-sexp.c (bug_1594): New. - (main): Run new test. - -2014-01-27 Werner Koch - - tests: Improve t-common.h. - + commit 7460e9243b3cc050631c37ed4f2713ae7bcb6762 - * tests/t-common.h: Add couple of macros. Check that config.h has - been included. - (show): Rename to info. - * tests/t-lock.c, tests/t-sexp.c: Adjust for changes. - - mpi: Minor fix for Atari-mint. 
- + commit 3caa0f1319dc4779e0d6eee4460c1af2a12b2c3c - * mpi/config.links [m68k-atari-mint]: Do not assume 68020. Suggested - by Alan Hourihane. - - (cherry picked from commit 420f42a5752e90a8b27d58ffa1ddfe6e4ab341e8) - -2014-01-27 Dmitry Eremin-Solenikov - - Fix most of memory leaks in tests code. - + commit 5c150ece094bf0a504a111ce6c7b72e8d0b0457a - * tests/basic.c (check_ccm_cipher): Close cipher after use. - * tests/basic.c (check_one_cipher): Correct length of used buffer. - * tests/benchmark.c (cipher_bench): Use xcalloc to make buffer - initialized. - * tests/keygen.c (check_ecc_keys): Release generated key. - * tests/t-mpi-point.c (context_param): Release mpi Q. - * tests/t-sexp.c (check_extract_param): Release extracted number. - - Fix memory leaks in ecc code. - + commit 6d87e6abdfb7552323a95401f14e6367398a3e5a - * cipher/ecc-curves.c (_gcry_ecc_update_curve_param): Release passed mpi - values. - * cipher/ecc.c (compute_keygrip): Fix potential memory leak in error - path. - * cipher/ecc.c (_gcry_ecc_get_curve): Release temporary mpi. - - Fix number of blocks passed used in _gcry_rmd160_mixblock. - + commit 5d23e7b9a77421f3ebfda4a84c459a8729f3bb41 - * cipher/rmd160.c (_gcry_rmd160_mixblock): pass 1 to transform - -2014-01-27 Werner Koch - - Small Windows build tweaks. - + commit f7df906171854b6b6506b82d4fee2c2ebb0327ea - * configure.ac (HAVE_PTHREAD): Do test when building for Windows. - - * tests/basic.c: Replace "%zi" by "%z" and a cast to make it work - under Windows. - - Update gpg-error autoconf macros to fix threading problems. - + commit 79da0358fd555361e1ce4202f55494a8918eb8ae - * m4/gpg-error.m4: Update to version 2014-01-24. - * tests/Makefile.am (t_lock_LDADD): Use MT Libs. - -2014-01-24 Dmitry Eremin-Solenikov - - tests: Pass -no-install to libtool. - + commit bf34bfa5c458ee5ece91f25e3b4194d768498ab6 - * tests/Makefile.am: add AM_LDFLAGS = -no-install - -2014-01-24 Werner Koch - - tests: Add a test for the internal locking. 
- + commit ff91ec934ed52294cddcd7dcfacc04721a0487bf - * src/global.c (external_lock_test): New. - (_gcry_vcontrol): Call new function with formerly reserved code 61. - - * tests/t-common.h: New. Taken from current libgpg-error. - * tests/t-lock.c: New. Based on t-lock.c from libgpg-error. - * configure.ac (HAVE_PTHREAD): Set macro to 1 if defined. - (AC_CHECK_FUNCS): Check for flockfile. - * tests/Makefile.am (tests_bin): Add t-lock. - (noinst_HEADERS): Add t-common.h - (LDADD): Move value to ... - (default_ldadd): new. - (t_lock_LDADD): New. - - Check compiler features only for the relevant platform. - + commit 24e65d715812cea28732397870cb1585b8435521 - * mpi/config.links (mpi_cpu_arch): Always set for ARM. Set for HPPA. - Set to "undefined" for unknown platforms. - (try_asm_modules): Act upon only after having detected the CPU. - * configure.ac: Move the call to config.links before the platform - specific compiler checks. Check platform specific features only if - the platform is targeted. - -2014-01-23 Werner Koch - - Support building using the latest mingw-w64 toolchain. - + commit 4ad3417acab5021db1f722c314314ce4b781833a - * acinclude.m4 (GNUPG_SYS_SYMBOL_UNDERSCORE): Change mingw detection. - -2014-01-20 Werner Koch - - cipher: Fix commit 94030e44. - + commit dad06e4d1b835bac778b87090b1d3894b7535b14 - * cipher/tiger.c (tiger_init): Add arg FLAGS. - (tiger1_init, tiger2_init): Ditto. - - tests: Rename tsexp.c. - + commit 192e77d123fdb04c459c998b9eb1731618a833fa - * tests/tsexp.c: Rename to t-sexp.c - -2014-01-19 Werner Koch - - md: Add Whirlpool bug emulation feature. - + commit 94030e44aaff805d754e368507f16dd51a531b72 - * src/gcrypt.h.in (GCRY_MD_FLAG_BUGEMU1): New. - * src/cipher-proto.h (gcry_md_init_t): Add arg FLAGS. Change all code - to implement that flag. - * cipher/md.c (gcry_md_context): Replace SECURE and FINALIZED by bit - field FLAGS. Add flag BUGEMU1. Change all users. - (md_open): Replace args SECURE and HMAC by FLAGS. Init flags.bugemu1. 
- (_gcry_md_open): Add for GCRY_MD_FLAG_BUGEMU1. - (md_enable): Pass bugemu1 flag to the hash init function. - (_gcry_md_reset): Ditto. - -2014-01-17 Werner Koch - - Actually check for uint64_t. - + commit c3b30bae7d1e157f8b65e32ba1b3a516f2bbf58b - * configure.ac: Check size of uint64_t and the UINT64_C macro. - -2014-01-16 Werner Koch - - Replace ath based mutexes by gpgrt based locks. - + commit cfc151ba637200e4fc05d9481a8df2071b2f9a47 - * configure.ac (NEED_GPG_ERROR_VERSION): Require 1.13. - (gl_LOCK): Remove. - * src/ath.c, src/ath.h: Remove. Remove from all files. Replace all - mutexes by gpgrt based statically initialized locks. - * src/global.c (global_init): Remove ath_init. - (_gcry_vcontrol): Make ath install a dummy function. - (print_config): Remove threads info line. - - * doc/gcrypt.texi: Simplify the multi-thread related documentation. - -2014-01-15 NIIBE Yutaka - - ecc: Fix _gcry_mpi_ec_p_new to allow secp256k1. - + commit 49edeebb43174865cf4fa2c170a42a8e4274c4f0 - * mpi/ec.c (_gcry_mpi_ec_p_new): Remove checking a!=0. - * tests/t-mpi-point.c (context_alloc): Remove two spurious tests. - -2014-01-14 Milan Broz - - PBKDF2: Use gcry_md_reset to speed up calculation. - + commit 04cda6b7cc16f3f52c12d9d3e46c56701003496e - * cipher/kdf.c (_gcry_kdf_pkdf2): Use gcry_md_reset - to speed up calculation. - -2014-01-13 Werner Koch - - Fix macro conflict in NetBSD. - + commit 5f2af6c26bc04975c0b518881532871d7387d7ce - * cipher/bithelp.h (bswap32): Rename to _gcry_bswap32. - (bswap64): Rename to _gcry_bswap64. - - Use internal malloc function in fips.c. - + commit 518ae274a1845ce626b2b4223a9b3805cbbab1a7 - * src/fips.c (check_binary_integrity): s/gcry_malloc/xtrymalloc/. - -2014-01-13 Dmitry Eremin-Solenikov - - Truncate hash values for ECDSA signature scheme. - + commit 9edcf1090e0485f9f383b6c54b18ea8ca3d4a225 - * cipher/dsa-common (_gcry_dsa_normalize_hash): New. Truncate opaque - mpis as required for DSA and ECDSA signature schemas. 
- * cipher/dsa.c (verify): Return gpg_err_code_t value from verify() to - behave like the rest of internal sign/verify functions. - * cipher/dsa.c (sign, verify, dsa_verify): Factor out hash truncation. - * cipher/ecc-ecdsa.c (_gcry_ecc_ecdsa_sign): Factor out hash truncation. - * cipher/ecc-ecdsa.c (_gcry_ecc_ecdsa_verify): - as required by ECDSA scheme, truncate hash values to bitlength of - used curve. - * tests/pubkey.c (check_ecc_sample_key): add a testcase for hash - truncation. - - Add GOST R 34.10-2012 curves proposed by TC26. - + commit 2c5ec803100ed8261e51442fb93b75367b7725ea - * cipher/ecc-curves.c (domain_parmss): Add two GOST R 34.10-2012 curves - proposed/pending to standardization by TC26 (Russian cryptography - technical comitee). - * cipher/ecc-curves.c (curve_alias): Add OID aliases. - * tests/curves.c: Increase N_CURVES. - - Add GOST R 34.10-2001 curves per RFC4357. - + commit 9bedc5c3b646dfe481678ca58f5466ac46decaf7 - * cipher/ecc-curves.c (domain_parms): Add 3 curves defined in rfc4357. - * cipher/ecc-curves.c (curve_aliases): Add OID and Xch aliases for GOST - curves. - * tests/curves.c (N_CURVES): Update value. - - Fix typo in search_oid. - + commit 7edcb574d8d6dffb6e234c2ba1996a9a04923859 - * cipher/md.c (search_oid): Invert condition on oid comparison. - - Add MD2-HMAC calculation support. - + commit 653b58cb5e85511b6c04c3f85ef3e372c2e9f74f - * src/gcrypt.h.in (GCRY_MAC_HMAC_MD2): New. - * cipher/mac-hmac.c: Support GCRY_MAC_HMAC_MD2. - - Add a function to retrieve algorithm used by MAC handler. - + commit 8439a379c86ef1088465ea70ac10840759a1638e - * cipher/mac.c (_gcry_mac_get_algo): New function, returns used algo. - * src/visibility.c (gcry_mac_get_algo): New wrapper. - * src/visibility.h: Hanlde gcry_mac_get_algo. - * src/gcrypt-int.h (_gcry_mac_get_algo): New. - * src/gcrypt.h.in (gcry_mac_get_algo): New. - * src/libgcrypt.def (gcry_mac_get_algo): New. - * src/libgcrypt.vers (gcry_mac_get_algo): New. 
- * doc/gcrypt.texi: Document gcry_mac_get_algo. - * tests/basic.c (check_one_mac): Verify gcry_mac_get_algo. - - Correct formatting of gcry_mac_get_algo_keylen documentation. - + commit 36c9e0e4eb4f935da90df1c8df484d1940bda5eb - * doc/gcrypt.texi: add braces near gcry_mac_get_algo_keylen - documentation. - - Use braces around unsigned int in gcry_mac_get_algo_keylen - documentation, otherwise texinfo breaks that and uses 'int' as a - function definition. - -2014-01-13 Werner Koch - - ecc: Make a macro shorter. - + commit 2ef48ba59c32bfa1a9265d5eea8ab225a658903a - * src/mpi.h (MPI_EC_TWISTEDEDWARDS): Rename to MPI_EC_EDWARDS. CHnage - all users. - * cipher/ecc-curves.c (domain_parms): Add parameters for Curve3617 as - comment. - * mpi/ec.c (dup_point_twistededwards): Rename to dup_point_edwards. - (add_points_twistededwards): Rename to add_points_edwards. - -2014-01-12 Jussi Kivilinna - - Fix assembly division check. - + commit ef3e66e168c4b9b86bfc4903001631e53a7125d8 - * configure.ac (gcry_cv_gcc_as_const_division_ok): Correct variable - name mismatch at '--Wa,--divide' workaround check. - -2014-01-12 NIIBE Yutaka - - Add secp256k1 curve. - + commit 019e0e9e8c77a2edf283745e05e9301673ea6a0a - * cipher/ecc-curves.c (curve_aliases): Add secp256k1 and its OID. - (domain_parms): Add secp256k1's domain paramerter. - - * tests/basic.c (check_pubkey): Add a key of secp256k1. - - * tests/curves.c (N_CURVES): Updated. - -2014-01-12 Jussi Kivilinna - - Fix constant division for AMD64 assembly on Solaris/x86. - + commit 43376891c01f4aff1fbfb23beafebb5adfd0868c - * configure.ac (gcry_cv_gcc_as_const_division_ok): Add new check for - constant division in assembly and test for "-Wa,--divide" workaround. - (gcry_cv_gcc_amd64_platform_as_ok): Check for also constant division. - -2014-01-10 Werner Koch - - Use the generic autogen.sh script. - + commit b0ac1f9b143aa15855914ba93fef900288d45c9c - * autogen.rc: New. - * Makefile.am (EXTRA_DIST): Add it. 
- * autogen.sh: Update from current GnuPG. - - Move all helper scripts to build-aux/ - + commit df9b4eabf52faee6f289a4bc62219684442ae383 - * scripts/: Rename to build-aux/. - * compile, config.guess, config.rpath, config.sub - * depcomp, doc/mdate-sh, doc/texinfo.tex - * install-sh, ltmain.sh, missing: Move to build-aux/. - * Makefile.am (EXTRA_DIST): Adjust. - * configure.ac (AC_CONFIG_AUX_DIR): New. - (AM_SILENT_RULES): New. - -2013-12-30 Jussi Kivilinna - - Add blowfish/serpent ARM assembly files to Makefile.am. - + commit 7fef7f481c0a1542be34d1dc831f58d41846ac29 - * cipher/Makefile.am: Add 'blowfish-arm.S' and 'serpent-armv7-neon.S'. - - Add AMD64 assembly implementation for arcfour. - + commit 7547898109c72a97e3102b2a045ee4fdb2aa40bf - * cipher/Makefile.am: Add 'arcfour-amd64.S'. - * cipher/arcfour-amd64.S: New. - * cipher/arcfour.c (USE_AMD64_ASM): New. - [USE_AMD64_ASM] (ARCFOUR_context, _gcry_arcfour_amd64) - (encrypt_stream): New. - * configure.ac [host=x86_64]: Add 'arcfour-amd64.lo'. - - Parse /proc/cpuinfo for ARM HW features. - + commit a05be441d8cd89b90d8d58e3a343a436dae377d0 - * src/hwf-arm.c [__linux__] (HAS_PROC_CPUINFO) - (detect_arm_proc_cpuinfo): New. - (_gcry_hwf_detect_arm) [HAS_PROC_CPUINFO]: Check '/proc/cpuinfo' for - HW features. - - Fix buggy/incomplete detection of AVX/AVX2 support. - + commit bbcb12187afb1756cb27296166b57fa19ee45d4d - * configure.ac: Also check for 'xgetbv' instruction in AVX and AVX2 - inline assembly checks. - * src/hwf-x86.c [__i386__] (get_xgetbv): New function. - [__x86_64__] (get_xgetbv): New function. - [HAS_X86_CPUID] (detect_x86_gnuc): Check for OSXSAVE and OS support for - XMM&YMM registers and enable AVX/AVX2 only if XMM&YMM registers are - supported by OS. - -2013-12-18 Jussi Kivilinna - - Change utf-8 copyright characters to '(C)' - + commit b7e814f93ee40fcfe17a187a8989c07fde2ba0cd - cipher/blowfish-amd64.S: Change utf-8 encoded copyright character to - '(C)'. - cipher/blowfish-arm.S: Ditto. 
- cipher/bufhelp.h: Ditto. - cipher/camellia-aesni-avx-amd64.S: Ditto. - cipher/camellia-aesni-avx2-amd64.S: Ditto. - cipher/camellia-arm.S: Ditto. - cipher/cast5-amd64.S: Ditto. - cipher/cast5-arm.S: Ditto. - cipher/cipher-ccm.c: Ditto. - cipher/cipher-cmac.c: Ditto. - cipher/cipher-gcm.c: Ditto. - cipher/cipher-selftest.c: Ditto. - cipher/cipher-selftest.h: Ditto. - cipher/mac-cmac.c: Ditto. - cipher/mac-gmac.c: Ditto. - cipher/mac-hmac.c: Ditto. - cipher/mac-internal.h: Ditto. - cipher/mac.c: Ditto. - cipher/rijndael-amd64.S: Ditto. - cipher/rijndael-arm.S: Ditto. - cipher/salsa20-amd64.S: Ditto. - cipher/salsa20-armv7-neon.S: Ditto. - cipher/serpent-armv7-neon.S: Ditto. - cipher/serpent-avx2-amd64.S: Ditto. - cipher/serpent-sse2-amd64.S: Ditto. - - Add ARM/NEON implementation for SHA-1. - + commit fc7dcf616937afaf73cfda1bf7bd79566a96b130 - * cipher/Makefile.am: Add 'sha1-armv7-neon.S'. - * cipher/sha1-armv7-neon.S: New. - * cipher/sha1.c (USE_NEON): New. - (SHA1_CONTEXT, sha1_init) [USE_NEON]: Add and initialize 'use_neon'. - [USE_NEON] (_gcry_sha1_transform_armv7_neon): New. - (transform) [USE_NEON]: Use ARM/NEON assembly if enabled. - * configure.ac: Add 'sha1-armv7-neon.lo'. - - Improve performance of SHA-512/ARM/NEON implementation. - + commit df629ba53a662427ebd3ddca90c3fe9ddd6511d3 - * cipher/sha512-armv7-neon.S (RT01q, RT23q, RT45q, RT67q): New. - (round_0_63, round_64_79): Remove. - (rounds2_0_63, rounds2_64_79): New. - (_gcry_sha512_transform_armv7_neon): Add 'nblks' input; Handle multiple - input blocks; Use new round macros. - * cipher/sha512.c [USE_ARM_NEON_ASM] - (_gcry_sha512_transform_armv7_neon): Add 'num_blks'. - (transform) [USE_ARM_NEON_ASM]: Pass nblks to assembly. - - Add AVX and AVX2/BMI implementations for SHA-256. - + commit a5c2bbfe0db515d739ab683297903c77b1eec124 - * LICENSES: Add 'cipher/sha256-avx-amd64.S' and - 'cipher/sha256-avx2-bmi2-amd64.S'. - * cipher/Makefile.am: Add 'sha256-avx-amd64.S' and - 'sha256-avx2-bmi2-amd64.S'. 
- * cipher/sha256-avx-amd64.S: New. - * cipher/sha256-avx2-bmi2-amd64.S: New. - * cipher/sha256-ssse3-amd64.S: Use 'lea' instead of 'add' in few - places for tiny speed improvement. - * cipher/sha256.c (USE_AVX, USE_AVX2): New. - (SHA256_CONTEXT) [USE_AVX, USE_AVX2]: Add 'use_avx' and 'use_avx2'. - (sha256_init, sha224_init) [USE_AVX, USE_AVX2]: Initialize above - new context members. - [USE_AVX] (_gcry_sha256_transform_amd64_avx): New. - [USE_AVX2] (_gcry_sha256_transform_amd64_avx2): New. - (transform) [USE_AVX2]: Use AVX2 assembly if enabled. - (transform) [USE_AVX]: Use AVX assembly if enabled. - * configure.ac: Add 'sha256-avx-amd64.lo' and - 'sha256-avx2-bmi2-amd64.lo'. - -2013-12-17 Jussi Kivilinna - - Add AVX and AVX/BMI2 implementations for SHA-1. - + commit e4e458465b124e25b6aec7a60174bf1ca32dc5fd - * cipher/Makefile.am: Add 'sha1-avx-amd64.S' and - 'sha1-avx-bmi2-amd64.S'. - * cipher/sha1-avx-amd64.S: New. - * cipher/sha1-avx-bmi2-amd64.S: New. - * cipher/sha1.c (USE_AVX, USE_BMI2): New. - (SHA1_CONTEXT) [USE_AVX]: Add 'use_avx'. - (SHA1_CONTEXT) [USE_BMI2]: Add 'use_bmi2'. - (sha1_init): Initialize 'use_avx' and 'use_bmi2'. - [USE_AVX] (_gcry_sha1_transform_amd64_avx): New. - [USE_BMI2] (_gcry_sha1_transform_amd64_bmi2): New. - (transform) [USE_BMI2]: Use BMI2 assembly if enabled. - (transform) [USE_AVX]: Use AVX assembly if enabled. - * configure.ac: Add 'sha1-avx-amd64.lo' and 'sha1-avx-bmi2-amd64.lo'. - - SHA-1/SSSE3: Improve performance on large buffers. - + commit 6fd0dd2a5f1362f91e2861cd9d300341a43842a5 - * cipher/sha1-ssse3-amd64.S (RNBLKS): New. - (_gcry_sha1_transform_amd64_ssse3): Handle multiple input blocks, with - software pipelining of next data block processing. - * cipher/sha1.c [USE_SSSE3] (_gcry_sha1_transform_amd64_ssse3): Add - 'nblks'. - (transform) [USE_SSSE3]: Pass nblks to assembly function. - - Add bulk processing for hash transform functions. 
- + commit 50b8c8342d023038a4b528af83153293dd2756ea - * cipher/hash-common.c (_gcry_md_block_write): Preload 'hd->blocksize' - to stack, pass number of blocks to 'hd->bwrite'. - * cipher/hash-common.c (_gcry_md_block_write_t): Add 'nblks'. - * cipher/gostr3411-94.c: Rename 'transform' function to - 'transform_blk', add new 'transform' function with 'nblks' as - additional input. - * cipher/md4.c: Ditto. - * cipher/md5.c: Ditto. - * cipher/md4.c: Ditto. - * cipher/rmd160.c: Ditto. - * cipher/sha1.c: Ditto. - * cipher/sha256.c: Ditto. - * cipher/sha512.c: Ditto. - * cipher/stribog.c: Ditto. - * cipher/tiger.c: Ditto. - * cipher/whirlpool.c: Ditto. - -2013-12-16 Werner Koch - - Release 1.6.0. - + commit 0ea9731e1c93a962f6266004ab0e7418c19d6277 - - - doc: Change yat2m to allow arbitrary condition names. - + commit 9a912f8c4f366c53f1cdb94513b67b937e87178b - * doc/yat2m.c (MAX_CONDITION_NESTING): New. - (gpgone_defined): Remove. - (condition_s, condition_stack, condition_stack_idx): New. - (cond_is_active, cond_in_verbatim): New. - (add_predefined_macro, set_macro, macro_set_p): New. - (evaluate_conditions, push_condition, pop_condition): New. - (parse_file): Rewrite to use the condition stack. - (top_parse_file): Set prefined macros. - (main): Change -D to define arbitrary macros. - - tests: Add SHA-512 to the long hash test. - + commit 0d3bd23d7f730b9bbc81fc8da8d99f4853c36020 - * tests/hashtest.c (testvectors): Add vectors for 256GiB SHA-512. - * tests/hashtest-256g.in (algos): Add test for SHA-512. - - Add configure option --enable-large-data-tests. - + commit a6b9304a889397ac98e1c2c4ac3e178669d94492 - * configure.ac: Add option --enable-large-data-tests. - * tests/hashtest-256g.in: New. - * tests/Makefile.am (EXTRA_DIST): Add hashtest-256g.in. - (TESTS): Split up into tests_bin, tests_bin_last, tests_sh, and - tests_sh_last. - (tests_sh_last): Add hashtest-256g - (noinst_PROGRAMS): Add only tests_bin and tests_bin_last. 
- (bench-slope.log, hashtest-256g.log): New rules to enforce serial run. - - random: Call random progress handler more often. - + commit 5a7ce59396fe56f0d681df314bfbdb5f7732d4b1 - * random/rndlinux.c (_gcry_rndlinux_gather_random): Update progress - indicator earlier. - - cipher: Normalize the MPIs used as input to secret key functions. - + commit dec048b2ec79271a2f4405be5b87b1e768b3f1a9 - * cipher/dsa.c (sign): Normalize INPUT. - * cipher/elgamal.c (decrypt): Normalize A and B. - * cipher/rsa.c (secret): Normalize the INPUT. - (rsa_decrypt): Reduce DATA before passing to secret. - -2013-12-16 Jussi Kivilinna - - Change dummy variable in mpih-div.c to mpi_limb_t type. - + commit 953535a7de68cf62b5b1ad6f96ea3a9edd83762c - * mpi/mpih-div.c (_gcry_mpih_mod_1, _gcry_mpih_divmod_1): Change dummy - variable to 'mpi_limb_t' type from 'int'. - - Remove duplicate gcry_mac_hd_t typedef. - + commit 5c31990214b58c4e17edb01fbbe6d9f573975a22 - * cipher/mac-internal.h (gcry_mac_hd_t): Remove. - -2013-12-15 Jussi Kivilinna - - Use u64 for CCM data lengths. - + commit 110fed2d6b0bbc97cb5cc0a3a564e05fc42afa2d - * cipher/cipher-ccm.c: Move code inside [HAVE_U64_TYPEDEF]. - [HAVE_U64_TYPEDEF] (_gcry_cipher_ccm_set_lengths): Use 'u64' for - data lengths. - [!HAVE_U64_TYPEDEF] (_gcry_cipher_ccm_encrypt) - (_gcry_cipher_ccm_decrypt, _gcry_cipher_ccm_set_nonce) - (_gcry_cipher_ccm_authenticate, _gcry_cipher_ccm_get_tag) - (_gcry_cipher_ccm_check_tag): Dummy functions returning - GPG_ERROR_NOT_SUPPORTED. - * cipher/cipher-internal.h (gcry_cipher_handle.u_mode.ccm) - (_gcry_cipher_ccm_set_lengths): Move inside [HAVE_U64_TYPEDEF] and use - u64 instead of size_t for CCM data lengths. - * cipher/cipher.c (_gcry_cipher_open_internal, cipher_reset) - (_gcry_cipher_ctl) [!HAVE_U64_TYPEDEF]: Return GPG_ERR_NOT_SUPPORTED - for CCM. - (_gcry_cipher_ctl) [HAVE_U64_TYPEDEF]: Use u64 for - GCRYCTL_SET_CCM_LENGTHS length parameters. - * tests/basic.c: Do not use CCM if !HAVE_U64_TYPEDEF. 
- * tests/bench-slope.c: Ditto. - * tests/benchmark.c: Ditto. - -2013-12-14 Werner Koch - - tests: Prevent rare failure of gcry_pk_decrypt test. - + commit bfb43a17d8db571fca4ed433ee8be5c366745844 - * tests/basic.c (check_pubkey_crypt): Add special mode 1. - (main): Add option --loop. - -2013-12-14 Jussi Kivilinna - - Minor fixes to SHA assembly implementations. - + commit ffd9b2aa5abda7f4d7790ed48116ed5d71ab9995 - * cipher/Makefile.am: Correct 'sha256-avx*.S' to 'sha512-avx*.S'. - * cipher/sha1-ssse3-amd64.S: First line, correct filename. - * cipher/sha256-ssse3-amd64.S: Return correct stack burn depth. - * cipher/sha512-avx-amd64.S: Use 'vzeroall' to clear registers. - * cipher/sha512-avx2-bmi2-amd64.S: Ditto and return correct stack burn - depth. - - SHA-1/SSSE3: Do not check for Intel syntax assembly support. - + commit c86c35534a153b13e880d0bb0ea3e48e1c0ecaf9 - * cipher/sha1-ssse3-amd64.S: Remove check for - HAVE_INTEL_SYNTAX_PLATFORM_AS. - * cipher/sha1.c [USE_SSSE3]: Ditto. - -2013-12-13 Jussi Kivilinna - - Convert SHA-1 SSSE3 implementation from mixed asm&C to pure asm. - + commit d2b853246c2ed056a92096d89c3ca057e45c9c92 - * cipher/Makefile.am: Change 'sha1-ssse3-amd64.c' to - 'sha1-ssse3-amd64.S'. - * cipher/sha1-ssse3-amd64.c: Remove. - * cipher/sha1-ssse3-amd64.S: New. - - SHA-1: Add SSSE3 implementation. - + commit be2238f68abcc6f2b4e8c38ad9141376ce622a22 - * cipher/Makefile.am: Add 'sha1-ssse3-amd64.c'. - * cipher/sha1-ssse3-amd64.c: New. - * cipher/sha1.c (USE_SSSE3): New. - (SHA1_CONTEXT) [USE_SSSE3]: Add 'use_ssse3'. - (sha1_init) [USE_SSSE3]: Initialize 'use_ssse3'. - (transform): Rename to... - (_transform): this. - (transform): New. - * configure.ac [host=x86_64]: Add 'sha1-ssse3-amd64.lo'. - - Add missing register clearing in to SHA-256 and SHA-512 assembly. - + commit 04615cc6803cdede25fa92e3ff697e252a23cd7a - * cipher/sha256-ssse3-amd64.S: Clear used XMM/YMM registers at return. - * cipher/sha512-avx-amd64.S: Ditto. 
- * cipher/sha512-avx2-bmi2-amd64.S: Ditto. - * cipher/sha512-ssse3-amd64.S: Ditto. - -2013-12-13 Werner Koch - - Update license information. - + commit 764643a3d5634bcbc47790bd8505f6a1a5280d9c - * LICENSES: New. - * Makefile.am (EXTRA_DIST): Add LICENSES. - * AUTHORS: Add list of copyright holders. - * README: Reference AUTHORS. - -2013-12-13 Jussi Kivilinna - - Fix empty clobber in AVX2 assembly check. - + commit e41d605ee41469e8a33cdc4d38f742cfb931f835 - * configure.ac (gcry_cv_gcc_inline_asm_avx2): Add "cc" as assembly - globber. - - Fix W32 build. - + commit a71b810ddd67ca3a1773d8f929d162551abb58eb - * random/rndw32.c (register_poll, slow_gatherer): Change gcry_xmalloc to - xmalloc, and gcry_xrealloc to xrealloc. - -2013-12-12 Jussi Kivilinna - - SHA-512: Add AVX and AVX2 implementations for x86-64. - + commit 2e4253dc8eb512cd0e807360926dc6ba912c95b4 - * cipher/Makefile.am: Add 'sha512-avx-amd64.S' and - 'sha512-avx2-bmi2-amd64.S'. - * cipher/sha512-avx-amd64.S: New. - * cipher/sha512-avx2-bmi2-amd64.S: New. - * cipher/sha512.c (USE_AVX, USE_AVX2): New. - (SHA512_CONTEXT) [USE_AVX]: Add 'use_avx'. - (SHA512_CONTEXT) [USE_AVX2]: Add 'use_avx2'. - (sha512_init, sha384_init) [USE_AVX]: Initialize 'use_avx'. - (sha512_init, sha384_init) [USE_AVX2]: Initialize 'use_avx2'. - [USE_AVX] (_gcry_sha512_transform_amd64_avx): New. - [USE_AVX2] (_gcry_sha512_transform_amd64_avx2): New. - (transform) [USE_AVX2]: Add call for AVX2 implementation. - (transform) [USE_AVX]: Add call for AVX implementation. - * configure.ac (HAVE_GCC_INLINE_ASM_BMI2): New check. - (sha512): Add 'sha512-avx-amd64.lo' and 'sha512-avx2-bmi2-amd64.lo'. - * doc/gcrypt.texi: Document 'intel-cpu' and 'intel-bmi2'. - * src/g10lib.h (HWF_INTEL_CPU, HWF_INTEL_BMI2): New. - * src/hwfeatures.c (hwflist): Add "intel-cpu" and "intel-bmi2". - * src/hwf-x86.c (detect_x86_gnuc): Check for HWF_INTEL_CPU and - HWF_INTEL_BMI2. - - SHA-512: Add SSSE3 implementation for x86-64. 
- + commit 69a6d0f9562fcd26112a589318c13de66ce1700e - * cipher/Makefile.am: Add 'sha512-ssse3-amd64.S'. - * cipher/sha512-ssse3-amd64.S: New. - * cipher/sha512.c (USE_SSSE3): New. - (SHA512_CONTEXT) [USE_SSSE3]: Add 'use_ssse3'. - (sha512_init, sha384_init) [USE_SSSE3]: Initialize 'use_ssse3'. - [USE_SSSE3] (_gcry_sha512_transform_amd64_ssse3): New. - (transform) [USE_SSSE3]: Call SSSE3 implementation. - * configure.ac (sha512): Add 'sha512-ssse3-amd64.lo'. - - SHA-256: Add SSSE3 implementation for x86-64. - + commit e1a3931263e67aacec3c0bfcaa86c7d1441d5c6a - * cipher/Makefile.am: Add 'sha256-ssse3-amd64.S'. - * cipher/sha256-ssse3-amd64.S: New. - * cipher/sha256.c (USE_SSSE3): New. - (SHA256_CONTEXT) [USE_SSSE3]: Add 'use_ssse3'. - (sha256_init, sha224_init) [USE_SSSE3]: Initialize 'use_ssse3'. - (transform): Rename to... - (_transform): This. - [USE_SSSE3] (_gcry_sha256_transform_amd64_ssse3): New. - (transform): New. - * configure.ac (HAVE_INTEL_SYNTAX_PLATFORM_AS): New check. - (sha256): Add 'sha256-ssse3-amd64.lo'. - * doc/gcrypt.texi: Document 'intel-ssse3'. - * src/g10lib.h (HWF_INTEL_SSSE3): New. - * src/hwfeatures.c (hwflist): Add "intel-ssse3". - * src/hwf-x86.c (detect_x86_gnuc): Test for SSSE3. - -2013-12-12 Werner Koch - - Add a configuration file to disable hardware features. - + commit 5e1239b1e2948211ff2675f45cce2b28c3379cfb - * src/hwfeatures.c: Inclyde syslog.h and ctype.h. - (HWF_DENY_FILE): New. - (my_isascii): New. - (parse_hwf_deny_file): New. - (_gcry_detect_hw_features): Call it. - - * src/mpicalc.c (main): Correctly initialize Libgcrypt. Add options - "--print-config" and "--disable-hwf". - - Move list of hardware features to hwfeatures.c. - + commit 4ae77322b681a13da62d01274bcab25be2af12d0 - * src/global.c (hwflist, disabled_hw_features): Move to .. - * src/hwfeatures.c: here. - (_gcry_disable_hw_feature): New. - (_gcry_enum_hw_features): New. - (_gcry_detect_hw_features): Remove arg DISABLED_FEATURES. 
- * src/global.c (print_config, _gcry_vcontrol, global_init): Adjust - accordingly. - - Remove macro hacks for internal vs. external functions. Part 2 and last. - + commit 3b30e9840d4b351c4de73b126e561154cb7df4cc - * src/visibility.h: Remove remaining define/undef hacks for symbol - visibility. Add macros to detect the use of the public functions. - Change all affected functions by replacing them by the x-macros. - * src/g10lib.h: Add internal prototypes. - (xtrymalloc, xtrycalloc, xtrymalloc_secure, xtrycalloc_secure) - (xtryrealloc, xtrystrdup, xmalloc, xcalloc, xmalloc_secure) - (xcalloc_secure, xrealloc, xstrdup, xfree): New macros. - -2013-12-11 Werner Koch - - random: Add a feature to close device file descriptors. - + commit cd548ba2dc777b8b27d8d33182ba733c20222120 - * src/gcrypt.h.in (GCRYCTL_CLOSE_RANDOM_DEVICE): New. - * src/global.c (_gcry_vcontrol): Call _gcry_random_close_fds. - * random/random.c (_gcry_random_close_fds): New. - * random/random-csprng.c (_gcry_rngcsprng_close_fds): New. - * random/random-fips.c (_gcry_rngfips_close_fds): New. - * random/random-system.c (_gcry_rngsystem_close_fds): New. - * random/rndlinux.c (open_device): Add arg retry. - (_gcry_rndlinux_gather_random): Add mode to close open fds. - - * tests/random.c (check_close_random_device): New. - (main): Call new test. - -2013-12-10 Werner Koch - - Fix last commit (9a37470c) - + commit eae1e7712e1b687bd77eb37d0eb505fc9d46d93c - * src/secmem.c (lock_pool): Remove remaining line. Reported by Ian - Goldberg. - -2013-12-09 Werner Koch - - Fix one-off memory leak when build with Linux capability support. - + commit 9a37470c50ee9966cb2652617a404ddd54a9c096 - * src/secmem.c (lock_pool, secmem_init): Use cap_free. Reported by - Mike Crowe . - -2013-12-09 David 'Digit' Turner - - Update libtool to support Android. - + commit 2516f0b660b1a7181ad38c44310c627f4f498595 - * m4/libtool.m4: Add "linux*android*" case. Taken from the libtool - repository. 
- -2013-12-09 Werner Koch - - tests: Speed up benchmarks in regression test mode. - + commit 2e5354fe8db5288939733d0fb63ad4c87bc20105 - * tests/tsexp.c (check_extract_param): Fix compiler warning. - * tests/Makefile.am (TESTS_ENVIRONMENT): Set GCRYPT_IN_REGRESSION_TEST. - * tests/bench-slope.c (main): Speed up if in regression test mode. - * tests/benchmark.c (main): Ditto. - - tests: Add --csv option to bench-slope. - + commit 8072e9fa4b42ae8e65e266aa158fd903f1bb0927 - * tests/bench-slope.c (STR, STR2): New. - (cvs_mode): New. - (num_measurement_repetitions): New. Replace use of - NUM_MEASUREMENT_REPETITIONS by this. - (current_section_name, current_algo_name, current_mode_name): New. - (bench_print_result_csv): New. - (bench_print_result_std): Rename from bench_print_result. - (bench_print_result): New. Divert depending on CSV_MODE. - (bench_print_header, bench_print_footer): take care of CSV_MODE. - (bench_print_algo, bench_print_mode): New. Use them instead of - explicit printfs. - (main): Add options --csv and --repetitions. - -2013-12-07 Werner Koch - - sexp: Allow long names and white space in gcry_sexp_extract_param. - + commit d4555433b6e422fa69a85cae99961f513e55d82b - * src/sexp.c (_gcry_sexp_vextract_param): Skip white space. Support - long parameter names. - * tests/tsexp.c (check_extract_param): Add test cases for long parameter - names and white space. - -2013-12-06 Werner Koch - - ecc: Merge partly duplicated code. - + commit 405021cb6d4e470337302c65dec5bc91491a89c1 - * cipher/ecc-eddsa.c (_gcry_ecc_eddsa_sign): Factor A hashing out to ... - (_gcry_ecc_eddsa_compute_h_d): new function. - * cipher/ecc-misc.c (_gcry_ecc_compute_public): Use new function. - (reverse_buffer): Remove. - - ecc: Remove unused internal function. - + commit 4cf2c65fe15173c8d68a141a01b34fc1fb9080b7 - * src/cipher-proto.h (gcry_pk_spec): Remove get_param. - * cipher/ecc-curves.c (_gcry_ecc_get_param_sexp): Merge in code from - _gcry_ecc_get_param. 
- (_gcry_ecc_get_param): Remove. - * cipher/ecc.c (_gcry_pubkey_spec_ecc): Remove _gcry_ecc_get_param. - -2013-12-06 Jussi Kivilinna - - Fix building on mingw32. - + commit 5917ce34e3b3eac4c15f62577e4723974024f818 - * src/gcrypt-int.h: Include . - -2013-12-05 Werner Koch - - ecc: Change OID for Ed25519. - + commit 7ef43d1eebb4f8226e860982dfe5fa2e2c82ad0f - * cipher/ecc-curves.c (curve_aliased): Add more suitable OID for - Ed25519. - - Remove macro hacks for internal vs. external functions. Part 1. - + commit 7bacf1812b55fa78db63abaa1f5a9220e9c6cccc - * src/visibility.h: Remove almost all define/undef hacks for symbol - visibility. Add macros to detect the use of the public functions. - Change all affected functions by prefixing them explicitly with an - underscore and change all internal callers to call the underscore - prefixed versions. Provide convenience macros from sexp and mpi - functions. - * src/visibility.c: Change all functions to use only gpg_err_code_t - and translate to gpg_error_t only in visibility.c. - -2013-12-04 Jussi Kivilinna - - mpi: add inline assembly for x86-64. - + commit 85bb0a98ea5add0296cbcc415d557eaa1f6bd294 - * mpi/longlong.h [__x86_64] (add_ssaaaa, sub_ddmmss, umul_ppmm) - (udiv_qrnnd, count_leading_zeros, count_trailing_zeros): New. - -2013-12-04 NIIBE Yutaka - - mpi: fix gcry_mpi_powm for negative base. - + commit c56080c26186d25dec05f01831494c77d8d07e13 - * mpi/mpi-pow.c (gcry_mpi_powm) [USE_ALGORITHM_SIMPLE_EXPONENTIATION]: - Fix for the case where BASE is negative. - * tests/mpitests.c (test_powm): Add a test case of (-17)^6 mod 19. - -2013-12-03 Werner Koch - - Add build support for ppc64le. - + commit 2ff86db2e1b0f6cc22a1ca86037b526c5fa3be51 - * config.guess, config.sub: Update to latest version (2013-11-29). - * m4/libtool.m4: Add patches for ppc64le. - -2013-12-03 Jussi Kivilinna - - rijndael: fix compiler warning on aarch64. 
- + commit 59b1a1b7ee2923e1bf091071ae716d180c6c6006 - * cipher/rijndael.c (do_setkey): Use braces for empty if statement - instead of semicolon. - - Add aarch64 (arm64) mpi assembly. - + commit 80896bc8f5e6ed9a627374e34f040ad5f3617584 - * mpi/aarch64/mpi-asm-defs.h: New. - * mpi/aarch64/mpih-add1.S: New. - * mpi/aarch64/mpih-mul1.S: New. - * mpi/aarch64/mpih-mul2.S: New. - * mpi/aarch64/mpih-mul3.S: New. - * mpi/aarch64/mpih-sub1.S: New. - * mpi/config.links [host=aarch64-*-*]: Add configguration for aarch64 - assembly. - * mpi/longlong.h [__aarch64__] (add_ssaaaa, sub_ddmmss, umul_ppmm) - (count_leading_zeros): New. - -2013-12-02 Werner Koch - - ecc: Use constant time point operation for Twisted Edwards. - + commit d4ce0cfe0d35d7ec69c115456848b5b735c928ea - * mpi/ec.c (_gcry_mpi_ec_mul_point): Try to do a constant time - operation if needed. - * tests/benchmark.c (main): Add option --use-secmem. - - ecc: Make gcry_pk_testkey work for Ed25519. - + commit 14ae6224b1b17abbfc80c26ad0f4c60f1e8635e2 - * cipher/ecc-misc.c (_gcry_ecc_compute_public): Add optional args G - and d. Change all callers. - * cipher/ecc.c (gen_y_2): Remove. - (check_secret_key): Use generic public key compute function. Adjust - for use with Ed25519 and EdDSA. - (nist_generate_key): Do not use the compliant key thingy for Ed25519. - (ecc_check_secret_key): Make parameter parsing similar to the other - functions. - * cipher/ecc-curves.c (domain_parms): Zero prefix some parameters so - that _gcry_ecc_update_curve_param works correctly. - * tests/keygen.c (check_ecc_keys): Add "param" flag. Check all - Ed25519 keys. - - ecc: Fix eddsa point decompression. - + commit 485f35124b1a74af0bad321ed70be3a79d8d11d7 - * cipher/ecc-eddsa.c (_gcry_ecc_eddsa_recover_x): Fix the negative - case. - - ecc: Fix gcry_mpi_ec_curve_point for Weierstrass. - + commit ecb90f8e7c6f2516080d27ed7da6a25f2314da3c - * mpi/ec.c (_gcry_mpi_ec_curve_point): Use correct equation. - (ec_pow3): New. - (ec_p_init): Always copy B. 
- - mpi: Introduce 4 user flags for gcry_mpi_t. - + commit 29eddc2558d4cf39995f66d5fccd62f584d5b203 - * src/gcrypt.h.in (GCRYMPI_FLAG_USER1, GCRYMPI_FLAG_USER2) - (GCRYMPI_FLAG_USER3, GCRYMPI_FLAG_USER4): New. - * mpi/mpiutil.c (gcry_mpi_set_flag, gcry_mpi_clear_flag) - (gcry_mpi_get_flag, _gcry_mpi_free): Implement them. - (gcry_mpi_set_opaque): Keep user flags. - -2013-11-29 Vladimir 'φ-coder/phcoder' Serbinenko - - Fix armv3 compile error. - + commit 3b1cc9e6c357574f54160298d731c18f3d717b6c - * mpi/longlong.h [__arm__ && __ARM_ARCH < 4] (umul_ppmm): Use - __AND_CLOBBER_CC instead of __CLOBBER_CC. - - longlong.h on mips with clang. - + commit 1ecbd0bca31d462719a2a6590c1d03244e76ef89 - * mpi/longlong.h [__mips__]: Use C-language version with clang. - -2013-11-24 Jussi Kivilinna - - Camellia: Tweaks for AES-NI implementations. - + commit 3ef21e7e1b8003db9792155044db95f9d9ced184 - * cipher/camellia-aesni-avx-amd64.S: Align stack to 16 bytes; tweak - key-setup for small speed up. - * cipher/camellia-aesni-avx2-amd64.S: Use vmovdqu even with aligned - stack; reorder vinsert128 instructions; use rbp for stack frame. - -2013-11-21 Jussi Kivilinna - - Add GMAC to MAC API. - + commit a34448c929b13bfb7b66d69169c89e7319a18b31 - * cipher/Makefile.am: Add 'mac-gmac.c'. - * cipher/mac-gmac.c: New. - * cipher/mac-internal.h (gcry_mac_handle): Add 'u.gcm'. - (_gcry_mac_type_spec_gmac_aes, _gcry_mac_type_spec_gmac_twofish) - (_gcry_mac_type_spec_gmac_serpent, _gcry_mac_type_spec_gmac_seed) - (_gcry_mac_type_spec_gmac_camellia): New externs. - * cipher/mac.c (mac_list): Add GMAC specifications. - * doc/gcrypt.texi: Add mention of GMAC. - * src/gcrypt.h.in (gcry_mac_algos): Add GCM algorithms. - * tests/basic.c (check_one_mac): Add support for MAC IVs. - (check_mac): Add support for MAC IVs and add GMAC test vectors. - * tests/bench-slope.c (mac_bench): Iterate algorithm numbers to 499. - * tests/benchmark.c (mac_bench): Iterate algorithm numbers to 499. 
- - GCM: Move gcm_table initialization to setkey. - + commit dbfa651618693da7ea73b4d2d00d4efd411bfb46 - * cipher/cipher-gcm.c: Change all 'c->u_iv.iv' to - 'c->u_mode.gcm.u_ghash_key.key'. - (_gcry_cipher_gcm_setkey): New. - (_gcry_cipher_gcm_initiv): Move ghash initialization to function above. - * cipher/cipher-internal.h (gcry_cipher_handle): Add - 'u_mode.gcm.u_ghash_key'; Reorder 'u_mode.gcm' members for partial - clearing in gcry_cipher_reset. - (_gcry_cipher_gcm_setkey): New prototype. - * cipher/cipher.c (cipher_setkey): Add GCM setkey. - (cipher_reset): Clear 'u_mode' only partially for GCM. - -2013-11-20 Jussi Kivilinna - - GCM: Add support for split data buffers and online operation. - + commit fb1e52e3fe231671de546eacd6becd31c26c4f7b - * cipher/cipher-gcm.c (do_ghash_buf): Add buffering for less than - blocksize length input and padding handling. - (_gcry_cipher_gcm_encrypt, _gcry_cipher_gcm_decrypt): Add handling - for AAD padding and check if data has already being padded. - (_gcry_cipher_gcm_authenticate): Check that AAD or data has not being - padded yet. - (_gcry_cipher_gcm_initiv): Clear padding marks. - (_gcry_cipher_gcm_tag): Add finalization and padding; Clear sensitive - data from cipher handle, since they are not used after generating tag. - * cipher/cipher-internal.h (gcry_cipher_handle): Add 'u_mode.gcm.macbuf', - 'u_mode.gcm.mac_unused', 'u_mode.gcm.ghash_data_finalized' and - 'u_mode.gcm.ghash_aad_finalized'. - * tests/basic.c (check_gcm_cipher): Rename to... - (_check_gcm_cipher): ...this and add handling for different buffer step - lengths; Enable per byte buffer testing. - (check_gcm_cipher): Call _check_gcm_cipher with different buffer step - sizes. - - GCM: Use size_t for buffer sizes. 
- + commit 2d870a9142e8c8b3f008e1ad8e83e4bdf7a8e4e7 - * cipher/cipher-gcm.c (ghash, gcm_bytecounter_add, do_ghash_buf) - (_gcry_cipher_gcm_encrypt, _gcry_cipher_gcm_decrypt) - (_gcry_cipher_gcm_authenticate, _gcry_cipher_gcm_geniv) - (_gcry_cipher_gcm_tag): Use size_t for buffer lengths. - * cipher/cipher-internal.h (_gcry_cipher_gcm_encrypt) - (_gcry_cipher_gcm_decrypt, _gcry_cipher_gcm_authenticate): Use size_t - for buffer lengths. - - GCM: add FIPS mode restrictions. - + commit 56d352d6bdcf7abaa33c3399741f5063e2ddc32a - * cipher/cipher-gcm.c (_gcry_cipher_gcm_encrypt) - (_gcry_cipher_gcm_get_tag): Do not allow using in FIPS mode is setiv - was invocated directly. - (_gcry_cipher_gcm_setiv): Rename to... - (_gcry_cipher_gcm_initiv): ...this. - (_gcry_cipher_gcm_setiv): New setiv function with check for FIPS mode. - [TODO] (_gcry_cipher_gcm_getiv): New. - * cipher/cipher-internal.h (gcry_cipher_handle): Add - 'u_mode.gcm.disallow_encryption_because_of_setiv_in_fips_mode'. - - GCM: Add clearing and checking of marks.tag. - + commit 32a2da9abc91394b23cf565c1c833fa964394083 - * cipher/cipher-gcm.c (_gcry_cipher_gcm_encrypt) - (_gcry_cipher_gcm_decrypt, _gcry_cipher_gcm_authenticate): Make sure - that tag has not been finalized yet. - (_gcry_cipher_gcm_setiv): Clear 'marks.tag'. - - GCM: Add stack burning. - + commit 018f08354b1b116672e82f9ce942884b288aaf9e - * cipher/cipher-gcm.c (do_ghash, ghash): Return stack burn depth. - (setupM): Wipe 'tmp' buffer. - (do_ghash_buf): Wipe 'tmp' buffer and add stack burning. - - Add aggregated bulk processing for GCM on x86-64. - + commit c9537fbf8ff0af919cff2bebadc4c6e7caea8076 - * cipher/cipher-gcm.c [__x86_64__] (gfmul_pclmul_aggr4): New. - (ghash) [GCM_USE_INTEL_PCLMUL]: Add aggregated bulk processing - for __x86_64__. - (setupM) [__x86_64__]: Add initialization for aggregated bulk - processing. - - GCM: Tweak Intel PCLMUL ghash loop for small speed-up. 
- + commit 9b6764944284fed733c2f88619b3d9eb5d5c259a - * cipher/cipher-gcm.c (do_ghash): Mark 'inline'. - [GCM_USE_INTEL_PCLMUL] (do_ghash_pclmul): Rename to... - [GCM_USE_INTEL_PCLMUL] (gfmul_pclmul): ..this and make inline function. - (ghash) [GCM_USE_INTEL_PCLMUL]: Preload data before ghash-pclmul loop. - - GCM: Use counter mode code for speed-up. - + commit bd4bd23a2511a4bce63c3217cca0d4ecf0c79532 - * cipher/cipher-gcm.c (ghash): Add process for multiple blocks. - (gcm_bytecounter_add, gcm_add32_be128, gcm_check_datalen) - (gcm_check_aadlen_or_ivlen, do_ghash_buf): New functions. - (_gcry_cipher_gcm_encrypt, _gcry_cipher_gcm_decrypt) - (_gcry_cipher_gcm_authenticate, _gcry_cipher_gcm_set_iv) - (_gcry_cipher_gcm_tag): Adjust to use above new functions and - counter mode functions for encryption/decryption. - * cipher/cipher-internal.h (gcry_cipher_handle): Remove 'length'; Add - 'u_mode.gcm.(addlen|datalen|tagiv|datalen_over_limits)'. - (_gcry_cipher_gcm_setiv): Return gcry_err_code_t. - * cipher/cipher.c (cipher_setiv): Return error code. - (_gcry_cipher_setiv): Handle error code from 'cipher_setiv'. - - Add Intel PCLMUL acceleration for GCM. - + commit 5a65ffabadd50f174ab7375faad7a726cce49e61 - * cipher/cipher-gcm.c (fillM): Rename... - (do_fillM): ...to this. - (ghash): Remove. - (fillM): New macro. - (GHASH): Use 'do_ghash' instead of 'ghash'. - [GCM_USE_INTEL_PCLMUL] (do_ghash_pclmul): New. - (ghash): New. - (setupM): New. - (_gcry_cipher_gcm_encrypt, _gcry_cipher_gcm_decrypt) - (_gcry_cipher_gcm_authenticate, _gcry_cipher_gcm_setiv) - (_gcry_cipher_gcm_tag): Use 'ghash' instead of 'GHASH' and - 'c->u_mode.gcm.u_tag.tag' instead of 'c->u_tag.tag'. - * cipher/cipher-internal.h (GCM_USE_INTEL_PCLMUL): New. - (gcry_cipher_handle): Move 'u_tag' and 'gcm_table' under - 'u_mode.gcm'. - * configure.ac (pclmulsupport, gcry_cv_gcc_inline_asm_pclmul): New. - * src/g10lib.h (HWF_INTEL_PCLMUL): New. - * src/global.c: Add "intel-pclmul". 
- * src/hwf-x86.c (detect_x86_gnuc): Add check for Intel PCLMUL. - - GCM: GHASH optimizations. - + commit 0e9e7d72f3c9eb7ac832746c3034855faaf8d02c - * cipher/cipher-gcm.c [GCM_USE_TABLES] (gcmR, ghash): Replace with new. - [GCM_USE_TABLES] [GCM_TABLES_USE_U64] (bshift, fillM, do_ghash): New. - [GCM_USE_TABLES] [!GCM_TABLES_USE_U64] (bshift, fillM): Replace with - new. - [GCM_USE_TABLES] [!GCM_TABLES_USE_U64] (do_ghash): New. - (_gcry_cipher_gcm_tag): Remove extra memcpy to outbuf and use - buf_eq_const for comparing authentication tag. - * cipher/cipher-internal.h (gcry_cipher_handle): Different 'gcm_table' - for 32-bit and 64-bit platforms. - - Add some documentation for GCM mode. - + commit 332da0ed7c8fab6c2bee841c94d8364c2ab4e30d - * doc/gcrypt.texi: Add mention of GCM mode. - -2013-11-19 Dmitry Eremin-Solenikov - - Initial implementation of GCM. - + commit 90cce18b9eced4f412ceeec5bcae18c4493322df - * cipher/Makefile.am: Add 'cipher-gcm.c'. - * cipher/cipher-ccm.c (_gcry_ciphert_ccm_set_lengths) - (_gcry_cipher_ccm_authenticate, _gcry_cipher_ccm_tag) - (_gcry_cipher_ccm_encrypt, _gcry_cipher_ccm_decrypt): Change - 'c->u_mode.ccm.tag' to 'c->marks.tag'. - * cipher/cipher-gcm.c: New. - * cipher/cipher-internal.h (GCM_USE_TABLES): New. - (gcry_cipher_handle): Add 'marks.tag', 'u_tag', 'length' and - 'gcm_table'; Remove 'u_mode.ccm.tag'. - (_gcry_cipher_gcm_encrypt, _gcry_cipher_gcm_decrypt) - (_gcry_cipher_gcm_setiv, _gcry_cipher_gcm_authenticate) - (_gcry_cipher_gcm_get_tag, _gcry_cipher_gcm_check_tag): New. - * cipher/cipher.c (_gcry_cipher_open_internal, cipher_setkey) - (cipher_encrypt, cipher_decrypt, _gcry_cipher_authenticate) - (_gcry_cipher_gettag, _gcry_cipher_checktag): Add GCM mode handling. - * src/gcrypt.h.in (gcry_cipher_modes): Add GCRY_CIPHER_MODE_GCM. - (GCRY_GCM_BLOCK_LEN): New. - * tests/basic.c (check_gcm_cipher): New. - (check_ciphers): Add GCM check. - (check_cipher_modes): Call 'check_gcm_cipher'. 
- * tests/bench-slope.c (bench_gcm_encrypt_do_bench) - (bench_gcm_decrypt_do_bench, bench_gcm_authenticate_do_bench) - (gcm_encrypt_ops, gcm_decrypt_ops, gcm_authenticate_ops): New. - (cipher_modes): Add GCM enc/dec/auth. - (cipher_bench_one): Limit GCM to block ciphers with 16 byte block-size. - * tests/benchmark.c (cipher_bench): Add GCM. - -2013-11-19 Jussi Kivilinna - - Camellia: fix compiler warning. - + commit 9816ae9d9931b75e4fdc9a5be10e6af447132313 - * cipher/camellia-glue.c (camellia_setkey): Use braces around empty if - statement. - - Tweak Camellia-AVX key-setup for small speed-up. - + commit 77922a82c3f2e30eca04511fa5a355208349c657 - * cipher/camellia-aesni-avx-amd64.S (camellia_f): Merge S-function output - rotation with P-function. - - Add CMAC (Cipher-based MAC) to MAC API. - + commit b49cd64aaaff2e5488a84665362ef7150683226c - * cipher/Makefile.am: Add 'cipher-cmac.c' and 'mac-cmac.c'. - * cipher/cipher-cmac.c: New. - * cipher/cipher-internal.h (gcry_cipher_handle.u_mode): Add 'cmac'. - * cipher/cipher.c (gcry_cipher_open): Rename to... - (_gcry_cipher_open_internal): ...this and add CMAC. - (gcry_cipher_open): New wrapper that disallows use of internal - modes (CMAC) from outside. - (cipher_setkey, cipher_encrypt, cipher_decrypt) - (_gcry_cipher_authenticate, _gcry_cipher_gettag) - (_gcry_cipher_checktag): Add handling for CMAC mode. - (cipher_reset): Do not reset 'marks.key' and do not clear subkeys in - 'u_mode' in CMAC mode. - * cipher/mac-cmac.c: New. - * cipher/mac-internal.h: Add CMAC support and algorithms. - * cipher/mac.c: Add CMAC algorithms. - * doc/gcrypt.texi: Add documentation for CMAC. - * src/cipher.h (gcry_cipher_internal_modes): New. - (_gcry_cipher_open_internal, _gcry_cipher_cmac_authenticate) - (_gcry_cipher_cmac_get_tag, _gcry_cipher_cmac_check_tag) - (_gcry_cipher_cmac_set_subkeys): New prototypes. - * src/gcrypt.h.in (gcry_mac_algos): Add CMAC algorithms. - * tests/basic.c (check_mac): Add CMAC test vectors. 
- -2013-11-16 Jussi Kivilinna - - Add new MAC API, initially with HMAC. - + commit fcd6da37d55f248d3558ee0ff385b41b866e7ded - * cipher/Makefile.am: Add 'mac.c', 'mac-internal.h' and 'mac-hmac.c'. - * cipher/bufhelp.h (buf_eq_const): New. - * cipher/cipher-ccm.c (_gcry_cipher_ccm_tag): Use 'buf_eq_const' for - constant-time compare. - * cipher/mac-hmac.c: New. - * cipher/mac-internal.h: New. - * cipher/mac.c: New. - * doc/gcrypt.texi: Add documentation for MAC API. - * src/gcrypt-int.h [GPG_ERROR_VERSION_NUMBER < 1.13] - (GPG_ERR_MAC_ALGO): New. - * src/gcrypt.h.in (gcry_mac_handle, gcry_mac_hd_t, gcry_mac_algos) - (gcry_mac_flags, gcry_mac_open, gcry_mac_close, gcry_mac_ctl) - (gcry_mac_algo_info, gcry_mac_setkey, gcry_mac_setiv, gcry_mac_write) - (gcry_mac_read, gcry_mac_verify, gcry_mac_get_algo_maclen) - (gcry_mac_get_algo_keylen, gcry_mac_algo_name, gcry_mac_map_name) - (gcry_mac_reset, gcry_mac_test_algo): New. - * src/libgcrypt.def (gcry_mac_open, gcry_mac_close, gcry_mac_ctl) - (gcry_mac_algo_info, gcry_mac_setkey, gcry_mac_setiv, gcry_mac_write) - (gcry_mac_read, gcry_mac_verify, gcry_mac_get_algo_maclen) - (gcry_mac_get_algo_keylen, gcry_mac_algo_name, gcry_mac_map_name): New. - * src/libgcrypt.vers (gcry_mac_open, gcry_mac_close, gcry_mac_ctl) - (gcry_mac_algo_info, gcry_mac_setkey, gcry_mac_setiv, gcry_mac_write) - (gcry_mac_read, gcry_mac_verify, gcry_mac_get_algo_maclen) - (gcry_mac_get_algo_keylen, gcry_mac_algo_name, gcry_mac_map_name): New. - * src/visibility.c (gcry_mac_open, gcry_mac_close, gcry_mac_ctl) - (gcry_mac_algo_info, gcry_mac_setkey, gcry_mac_setiv, gcry_mac_write) - (gcry_mac_read, gcry_mac_verify, gcry_mac_get_algo_maclen) - (gcry_mac_get_algo_keylen, gcry_mac_algo_name, gcry_mac_map_name): New. 
- * src/visibility.h (gcry_mac_open, gcry_mac_close, gcry_mac_ctl) - (gcry_mac_algo_info, gcry_mac_setkey, gcry_mac_setiv, gcry_mac_write) - (gcry_mac_read, gcry_mac_verify, gcry_mac_get_algo_maclen) - (gcry_mac_get_algo_keylen, gcry_mac_algo_name, gcry_mac_map_name): New. - * tests/basic.c (check_one_mac, check_mac): New. - (main): Call 'check_mac'. - * tests/bench-slope.c (bench_print_header, bench_print_footer): Allow - variable algorithm name width. - (_cipher_bench, hash_bench): Update to above change. - (bench_hash_do_bench): Add 'gcry_md_reset'. - (bench_mac_mode, bench_mac_init, bench_mac_free, bench_mac_do_bench) - (mac_ops, mac_modes, mac_bench_one, _mac_bench, mac_bench): New. - (main): Add 'mac' benchmark options. - * tests/benchmark.c (mac_repetitions, mac_bench): New. - (main): Add 'mac' benchmark options. - - Use correct blocksize of 32 bytes for GOSTR3411-94 HMAC. - + commit b95a557a43aeed68ea5e5ce02aca42ee97bfdb3b - * cipher/md.c (md_open): Set macpads_Bsize to 32 for - GCRY_MD_GOST24311_94. - -2013-11-15 Jussi Kivilinna - - cipher: use size_t for internal buffer lengths. - + commit b787657a9d2c1d8e19f9fcb0b21e31cb062630cf - * cipher/arcfour.c (do_encrypt_stream, encrypt_stream): Use 'size_t' - for buffer lengths. - * cipher/blowfish.c (_gcry_blowfish_ctr_enc, _gcry_blowfish_cbc_dec) - (_gcry_blowfish_cfb_dec): Ditto. - * cipher/camellia-glue.c (_gcry_camellia_ctr_enc) - (_gcry_camellia_cbc_dec, _gcry_blowfish_cfb_dec): Ditto. - * cipher/cast5.c (_gcry_cast5_ctr_enc, _gcry_cast5_cbc_dec) - (_gcry_cast5_cfb_dec): Ditto. - * cipher/cipher-aeswrap.c (_gcry_cipher_aeswrap_encrypt) - (_gcry_cipher_aeswrap_decrypt): Ditto. - * cipher/cipher-cbc.c (_gcry_cipher_cbc_encrypt) - (_gcry_cipher_cbc_decrypt): Ditto. - * cipher/cipher-ccm.c (_gcry_cipher_ccm_encrypt) - (_gcry_cipher_ccm_decrypt): Ditto. - * cipher/cipher-cfb.c (_gcry_cipher_cfb_encrypt) - (_gcry_cipher_cfb_decrypt): Ditto. - * cipher/cipher-ctr.c (_gcry_cipher_ctr_encrypt): Ditto. 
- * cipher/cipher-internal.h (gcry_cipher_handle->bulk) - (_gcry_cipher_cbc_encrypt, _gcry_cipher_cbc_decrypt) - (_gcry_cipher_cfb_encrypt, _gcry_cipher_cfb_decrypt) - (_gcry_cipher_ofb_encrypt, _gcry_cipher_ctr_encrypt) - (_gcry_cipher_aeswrap_encrypt, _gcry_cipher_aeswrap_decrypt) - (_gcry_cipher_ccm_encrypt, _gcry_cipher_ccm_decrypt): Ditto. - * cipher/cipher-ofb.c (_gcry_cipher_cbc_encrypt): Ditto. - * cipher/cipher-selftest.h (gcry_cipher_bulk_cbc_dec_t) - (gcry_cipher_bulk_cfb_dec_t, gcry_cipher_bulk_ctr_enc_t): Ditto. - * cipher/cipher.c (cipher_setkey, cipher_setiv, do_ecb_crypt) - (do_ecb_encrypt, do_ecb_decrypt, cipher_encrypt) - (cipher_decrypt): Ditto. - * cipher/rijndael.c (_gcry_aes_ctr_enc, _gcry_aes_cbc_dec) - (_gcry_aes_cfb_dec, _gcry_aes_cbc_enc, _gcry_aes_cfb_enc): Ditto. - * cipher/salsa20.c (salsa20_setiv, salsa20_do_encrypt_stream) - (salsa20_encrypt_stream, salsa20r12_encrypt_stream): Ditto. - * cipher/serpent.c (_gcry_serpent_ctr_enc, _gcry_serpent_cbc_dec) - (_gcry_serpent_cfb_dec): Ditto. - * cipher/twofish.c (_gcry_twofish_ctr_enc, _gcry_twofish_cbc_dec) - (_gcry_twofish_cfb_dec): Ditto. - * src/cipher-proto.h (gcry_cipher_stencrypt_t) - (gcry_cipher_stdecrypt_t, cipher_setiv_fuct_t): Ditto. - * src/cipher.h (_gcry_aes_cfb_enc, _gcry_aes_cfb_dec) - (_gcry_aes_cbc_enc, _gcry_aes_cbc_dec, _gcry_aes_ctr_enc) - (_gcry_blowfish_cfb_dec, _gcry_blowfish_cbc_dec) - (_gcry_blowfish_ctr_enc, _gcry_cast5_cfb_dec, _gcry_cast5_cbc_dec) - (_gcry_cast5_ctr_enc, _gcry_camellia_cfb_dec, _gcry_camellia_cbc_dec) - (_gcry_camellia_ctr_enc, _gcry_serpent_cfb_dec, _gcry_serpent_cbc_dec) - (_gcry_serpent_ctr_enc, _gcry_twofish_cfb_dec, _gcry_twofish_cbc_dec) - (_gcry_twofish_ctr_enc): Ditto. - - Camellia: Add AVX/AES-NI key setup. - + commit ef9f52cbb39e46918c96200b09c21e931eff174f - * cipher/camellia-aesni-avx-amd64.S (key_bitlength, key_table): New - order of fields in ctx. - (camellia_f, vec_rol128, vec_ror128): New macros. 
- (__camellia_avx_setup128, __camellia_avx_setup256) - (_gcry_camellia_aesni_avx_keygen): New functions. - * cipher/camellia-aesni-avx2-amd64.S (key_bitlength, key_table): New - order of fields in ctx. - * cipher/camellia-arm.S (CAMELLIA_TABLE_BYTE_LEN, key_length): Remove - unused macros. - * cipher/camellia-glue.c (CAMELLIA_context): Move keytable to head for - better alignment; Make 'use_aesni_avx' and 'use_aesni_avx2' bitfield - members. - [USE_AESNI_AVX] (_gcry_camellia_aesni_avx_keygen): New prototype. - (camellia_setkey) [USE_AESNI_AVX || USE_AESNI_AVX2]: Read hw features - to variable 'hwf' and match features from it. - (camellia_setkey) [USE_AESNI_AVX]: Use AES-NI/AVX key setup if - available. - - Avoid unneeded stack burning with AES-NI and reduce number of 'decryption_prepared' checks - + commit c8ad83fb605fdbf6dc0b0dbcc8aedfbd477640da - * cipher/rijndael.c (RIJNDAEL_context): Make 'decryption_prepared', - 'use_padlock' and 'use_aesni' 1-bit members in bitfield. - (do_setkey): Move 'hwfeatures' inside [USE_AESNI || USE_PADLOCK]. - (do_aesni_enc_aligned): Rename to... - (do_aesni_enc): ...this, as function does not require aligned input. - (do_aesni_dec_aligned): Rename to... - (do_aesni_dec): ...this, as function does not require aligned input. - (do_aesni): Remove. - (rijndael_encrypt): Call 'do_aesni_enc' instead of 'do_aesni'. - (rijndael_decrypt): Call 'do_aesni_dec' instead of 'do_aesni'. - (check_decryption_preparation): New. - (do_decrypt): Remove 'decryption_prepared' check. - (rijndael_decrypt): Ditto and call 'check_decryption_preparation'. - (_gcry_aes_cbc_dec): Ditto. - (_gcry_aes_cfb_enc): Add 'burn_depth' and burn stack only when needed. - (_gcry_aes_cbc_enc): Ditto. - (_gcry_aes_ctr_enc): Ditto. - (_gcry_aes_cfb_dec): Ditto. - (_gcry_aes_cbc_dec): Ditto and correct clearing of 'savebuf'. - -2013-11-14 Werner Koch - - md: Fix hashing for data >= 256 GB. 
- + commit c43a8c0d81a711161f7a81b24ef7c33a1353eee0 - * cipher/hash-common.h (gcry_md_block_ctx): Add "nblocks_high". - * cipher/hash-common.c (_gcry_md_block_write): Bump NBLOCKS_HIGH. - * cipher/md4.c (md4_init, md4_final): Take care of NBLOCKS_HIGH. - * cipher/md5.c (md5_init, md5_final): Ditto. - * cipher/rmd160.c (_gcry_rmd160_init, rmd160_final): Ditto. - * cipher/sha1.c (sha1_init, sha1_final): Ditto. - * cipher/sha256.c (sha256_init, sha224_init, sha256_final): Ditto. - * cipher/sha512.c (sha512_init, sha384_init, sha512_final): Ditto. - * cipher/tiger.c (do_init, tiger_final): Ditto. - * cipher/whirlpool.c (whirlpool_final): Ditto. - - * cipher/md.c (gcry_md_algo_info): Add GCRYCTL_SELFTEST. - (_gcry_md_selftest): Return "not implemented" as required. - * tests/hashtest.c: New. - * tests/genhashdata.c: New. - * tests/Makefile.am (TESTS): Add hashtest. - (noinst_PROGRAMS): Add genhashdata - -2013-11-13 Christian Grothoff - - ecc: Fix key generation for a plain Ed25519 key. - + commit 7d91e99bcd30a463dd4faed014b8521a663d8316 - * cipher/ecc.c (nist_generate_key): Use custom code for ED25519. - - ecc: Fix some memory leaks. - + commit c4f9af49f228df59c218381a25fa3c0f93ccbeae - * cipher/ecc-curves.c (_gcry_mpi_ec_new): Free ec->b before assigning. - * cipher/ecc.c (nist_generate_key): Release Q. - * cipher/ecc-eddsa.c (_gcry_ecc_eddsa_genkey): Ditto. - -2013-11-11 Werner Koch - - ecc: Change keygrip computation for Ed25519+EdDSA. - + commit 4fb3c8e5a7fc6a1568f54bcc0be17fecf75e0742 - * cipher/ecc.c (compute_keygrip): Rework. - * cipher/ecc-eddsa.c (_gcry_ecc_eddsa_ensure_compact): New. - * cipher/ecc-curves.c (_gcry_ecc_update_curve_param): New. - * tests/keygrip.c (key_grips): Add flag param and test cases for - Ed25519. - - mpi: Add special format GCRYMPI_FMT_OPAQUE. - + commit 8b3eecee2d89179297e43de7d650f74759c61a58 - * src/gcrypt.h.in (GCRYMPI_FMT_OPAQUE): New. - (_gcry_sexp_nth_opaque_mpi): Remove. 
- * src/sexp.c (gcry_sexp_nth_mpi): Add support for GCRYMPI_FMT_OPAQUE. - (_gcry_sexp_vextract_param): Replace removed function by - GCRYMPI_FMT_OPAQUE. - -2013-11-10 Jussi Kivilinna - - Fix error output in CTR selftest. - + commit 7b26586e35a6d407ca31b41528b0810b1408fd4b - * cipher/cipher-selftest.c (_gcry_selftest_helper_ctr): Change - fprintf(stderr,...) to syslog(); Correct error output for bulk - IV check, plaintext mismatch => ciphertext mismatch. - -2013-11-09 Jussi Kivilinna - - Fix Serpent-AVX2 and Camellia-AVX2 counter modes. - + commit df29831d008e32faf74091d080a415731418d158 - * cipher/camellia-aesni-avx2-amd64.S - (_gcry_camellia_aesni_avx2_ctr_enc): Byte-swap before checking for - overflow handling. - * cipher/camellia-glue.c (selftest_ctr_128, selftest_cfb_128) - (selftest_cbc_128): Add 16 to nblocks. - * cipher/cipher-selftest.c (_gcry_selftest_helper_ctr): Add test with - non-overflowing IV and modify overflow IV to detect broken endianness - handling. - * cipher/serpent-avx2-amd64.S (_gcry_serpent_avx2_ctr_enc): Byte-swap - before checking for overflow handling; Fix crazy-mixed-endian IV - construction to big-endian. - * cipher/serpent.c (selftest_ctr_128, selftest_cfb_128) - (selftest_cbc_128): Add 8 to nblocks. - -2013-11-09 Sergey V - - cipher/gost28147: optimization: use precomputed S-box tables. - + commit 51501b638546665163bbb85a14308fdb99211a28 - * cipher/gost.h (GOST28147_context): Remove unneeded subst and - subst_set members. - * cipher/gost28147.c (max): Remove unneeded macro. - (test_sbox): Replace with new precomputed tables. - (gost_set_subst): Remove function. - (gost_val): Use new S-box tables. - (gost_encrypt_block, gost_decrypt_block): Tweak to use new ctx and - S-box tables. - -2013-11-09 Jussi Kivilinna - - Fix tail handling for AES-NI counter mode. - + commit 60ed0abbbc7cb15812f1e713143c72555acea69e - * cipher/rijndael.c (do_aesni_ctr): Fix outputting of updated - counter-IV. 
- -2013-11-08 Werner Koch - - ecc: Improve gcry_pk_get_curve. - + commit 03aed1acec611362285db5156a6b92c91604fba4 - * cipher/ecc-curves.c (_gcry_ecc_fill_in_curve): Factor some code out - to .. - (find_domain_parms_idx): new. - (_gcry_ecc_get_curve): Find by curve name on error. - - cipher: Avoid signed divisions in idea.c. - + commit e241dde1420475459e32608137829e52748d0212 - * cipher/idea.c (mul_inv): Use unsigned division. - - ecc: Implement the "nocomp" flag for key generation. - + commit 9f63c0f7a3b2c15c7e258cd17395cabd0a8f00cc - * cipher/ecc.c (ecc_generate): Support the "nocomp" flag. - * tests/keygen.c (check_ecc_keys): Add a test for it. - - ecc: Make "noparam" the default and replace by "param". - + commit ed45fd2e60c88e2f005282e6eadd018b59dcf65b - * src/cipher.h (PUBKEY_FLAG_NOCOMP): New. - (PUBKEY_FLAG_NOPARAM): Remove. - (PUBKEY_FLAG_PARAM): New. - * cipher/pubkey-util.c (_gcry_pk_util_parse_flaglist): Support the new - flags and ignore the obsolete "noparam" flag. - * cipher/ecc-curves.c (_gcry_ecc_fill_in_curve): Return the curve name - also for curves selected by NBITS. - (_gcry_mpi_ec_new): Support the "param" flag. - * cipher/ecc.c (ecc_generate, ecc_sign, ecc_verify): Ditto. - * tests/keygen.c (check_ecc_keys): Remove the "noparam" flag. - -2013-11-07 Jussi Kivilinna - - Fix decryption function size in AES AMD64 assembly. - + commit bfe4f6523b80bae0040328ef324b9000ee5b38a4 - * cipher/rijndael-amd64.S (_gcry_aes_amd64_decrypt_block): Set '.size' - for '_gcry_aes_amd64_decrypt_block', not '..._encrypt_block'. - - Change 64-bit shift to 32-bit in AES AMD64 assembly. - + commit 57b296ea3a5204cd3711b7bf57c8fb14d8542402 - * cipher/rijndael-amd64.S (do16bit_shr): Change 'shrq' to 'shrl'. - -2013-11-06 Jussi Kivilinna - - Speed-up AES-NI key setup. - + commit f702d62d888b30e24c19f203566a1473098b2b31 - * cipher/rijndael.c [USE_AESNI] (m128i_t): Remove. - [USE_AESNI] (u128_t): New. - [USE_AESNI] (aesni_do_setkey): New. 
- (do_setkey) [USE_AESNI]: Move AES-NI accelerated key setup to - 'aesni_do_setkey'. - (do_setkey): Call _gcry_get_hw_features only once. Clear stack after - use in generic key setup part. - (rijndael_setkey): Remove stack burning. - (prepare_decryption) [USE_AESNI]: Use 'u128_t' instead of 'm128i_t' to - avoid compiler generated SSE2 instructions and XMM register usage, - unroll 'aesimc' setup loop - (prepare_decryption): Clear stack after use. - [USE_AESNI] (do_aesni_enc_aligned): Update comment about alignment. - (do_decrypt): Do not burning stack after prepare_decryption. - - Avoid burn stack in Arcfour setkey. - + commit a50a6ba3540f49fc7dcdb32e691327d5942e3509 - * cipher/arcfour.c (arcfour_setkey): Remove stack burning. - - Avoid burn_stack in CAST5 setkey. - + commit 5797ebc268b4e953cedd0c729c5cdb1f8fd764e4 - * cipher/cast5.c (do_cast_setkey): Use wipememory instead of memset. - (cast_setkey): Remove stack burning. - - Improve Serpent key setup speed. - + commit 9897ccb381503455edc490679b2e9251a09ac5cb - * cipher/serpent.c (SBOX, SBOX_INVERSE): Remove index argument. - (serpent_subkeys_generate): Use smaller temporary arrays for subkey - generation and perform stack clearing locally. - (serpent_setkey_internal): Use wipememory to clear stack and remove - _gcry_burn_stack. - (serpent_setkey): Remove unneeded _gcry_burn_stack. - - Modify encrypt/decrypt arguments for in-place. - + commit b8515aa70b00baba3fba8121ed305edcd029c8c7 - * cipher/cipher.c (gcry_cipher_encrypt, gcry_cipher_decrypt): Modify - local arguments if in-place operation. - - Speed up Stribog. - + commit a48d07ccadee4cb8b666a9a4ba2f00129bad5b2f - * cipher/stribog.c (STRIBOG_TABLES): Remove. - (Pi): Remove. - [!STRIBOG_TABLES] (A, strido): Remove. - (stribog_table): New table pre-reordered with Pi values. - (strido): Rewrite for new table. - (LPSX): Rewrite for new table. - (xor): Remove. - (g): Small tweaks. - - Tweak AES-NI bulk CTR mode slightly. 
- + commit 3b5058b58a183fa23ecf3ef819e2ae6ac64c0216 - * cipher/rijndael.c [USE_AESNI] (aesni_cleanup_2_5): Rename to... - (aesni_cleanup_2_6): ...this and clear also 'xmm6'. - [USE_AESNI && __i386__] (do_aesni_ctr, do_aesni_ctr_4): Prevent - inlining only on i386, allow on AMD64. - [USE_AESNI] (do_aesni_ctr, do_aesni_ctr_4): Use counter block from - 'xmm5' and byte-swap mask from 'xmm6'. - (_gcry_aes_ctr_enc) [USE_AESNI]: Preload counter block to 'xmm5' and - byte-swap mask to 'xmm6'. - (_gcry_aes_ctr_enc, _gcry_aes_cfb_dec, _gcry_aes_cbc_dec): Use - 'aesni_cleanup_2_6'. - - Tweak bench-slope parameters. - + commit 7e98eecc1a955bc253765f92a166b6560f085b8c - * tests/bench-slope.c (BUF_STEP_SIZE): Half step size to 64. - (NUM_MEASUREMENT_REPETITIONS): Double repetitions to 64. - - Optimize Blowfish weak key check. - + commit 8e1c0f9b894c39b6554c544208dc000682f520c7 - * cipher/blowfish.c (hashset_elem, val_to_hidx, add_val): New. - (do_bf_setkey): Use faster algorithm for detecting weak keys. - (bf_setkey): Move stack burning to do_bf_setkey. - - Fix __builtin_bswap32/64 checks. - + commit 2590a5df6f5fc884614c8c379324027d2d61b9b5 - * configure.ac (gcry_cv_have_builtin_bswap32) - (gcry_cv_have_builtin_bswap64): Change compile checks to link checks. - - Fix 'u32' build error with Camellia. - + commit 84bcb400e7db7268abfc29b5ab1513b0c063b293 - * cipher/camellia.c: Add include for and "types.h". - (u32): Remove. - (u8): Typedef as 'byte'. - -2013-11-06 Werner Koch - - pubkey: Add forward compatibility feature. - + commit 6d169b654c7ff04c10f73afe80b2c70cefa410c1 - * cipher/pubkey-util.c (_gcry_pk_util_parse_flaglist): Add - "igninvflag". - -2013-11-05 Werner Koch - - ecc: Require "eddsa" flag for curve Ed25519. - + commit b9fd3988b54b50109f4e7179e7fe0739bb1d97c5 - * src/cipher.h (PUBKEY_FLAG_ECDSA): Remove. - * cipher/pubkey-util.c (_gcry_pk_util_parse_flaglist): Remove "ecdsa". - * cipher/ecc.c (ecc_generate, ecc_sign, ecc_verify): Require "eddsa" flag. 
- * cipher/ecc-misc.c (_gcry_ecc_compute_public): Depend "eddsa" flag. - * tests/benchmark.c, tests/keygen.c, tests/pubkey.c - * tests/t-ed25519.c, tests/t-mpi-point.c: Adjust for changed flags. - - ecc: Fully implement Ed25519 compression in ECDSA mode. - + commit f09ffe8a4802af65a116e79eceeb1cb4ed4fa2f4 - * src/ec-context.h (mpi_ec_ctx_s): Add field FLAGS. - * mpi/ec.c (ec_p_init): Add arg FLAGS. Change all callers to pass it. - * cipher/ecc-curves.c (point_from_keyparam): Add arg EC, parse as - opaque mpi and use eddsa decoding depending on the flag. - (_gcry_mpi_ec_new): Rearrange to parse Q and D after knowing the - curve. - - mpi: Add function gcry_mpi_set_opaque_copy. - + commit 630aca794ddf057fb7265b7dc346374743036af4 - * src/gcrypt.h.in (gcry_mpi_set_opaque_copy): New. - * src/visibility.c (gcry_mpi_set_opaque_copy): New. - * src/visibility.h (gcry_mpi_set_opaque_copy): Mark visible. - * src/libgcrypt.def, src/libgcrypt.vers: Add new API. - * tests/mpitests.c (test_opaque): Add test. - -2013-11-04 Jussi Kivilinna - - Make test vectors 'static const' - + commit d50a88d1e29124d038196fec6082fd093e922604 - * cipher/arcfour.c (selftest): Change test vectors to 'static const'. - * cipher/blowfish.c (selftest): Ditto. - * cipher/camellia-glue.c (selftest): Ditto. - * cipher/cast5.c (selftest): Ditto. - * cipher/des.c (selftest): Ditto. - * cipher/rijndael.c (selftest): Ditto. - * tests/basic.c (cipher_cbc_mac_cipher, check_aes128_cbc_cts_cipher) - (check_ctr_cipher, check_cfb_cipher, check_ofb_cipher) - (check_ccm_cipher, check_stream_cipher) - (check_stream_cipher_large_block, check_bulk_cipher_modes) - (check_ciphers, check_digests, check_hmac, check_pubkey_sign) - (check_pubkey_sign_ecdsa, check_pubkey_crypt, check_pubkey): Ditto. - -2013-11-03 Jussi Kivilinna - - Make jump labels local in Salsa20 assembly. - + commit d4697862266f3c96b6946dc92139dd8f3e81e5f6 - * cipher/salsa20-amd64.S: Rename '._labels' to '.L_labels'. - * cipher/salsa20-armv7-neon.S: Ditto. 
- -2013-10-30 Jussi Kivilinna - - bithelp: fix undefined behaviour with rol and ror. - + commit d1cadd145199040299538891ab2ccd1208f7776e - * cipher/bithelp.h (rol, ror): Mask shift with 31. - -2013-10-29 Werner Koch - - tests: Add feature to skip benchmarks. - + commit ba6bffafd17bea11985afc500022d66da261d59a - * tests/benchmark.c (main): Add feature to skip the test. - * tests/bench-slope.c (main): Ditto. - (get_slope): Repace C++ style comment. - (double_cmp, cipher_bench, _hash_bench): Repalce system reserved - symbols. - - ecc: Finish Ed25519/ECDSA hack. - + commit c284f15db99e9cb135612de710199abb23baafd3 - * cipher/ecc.c (ecc_generate): Fix Ed25519/ECDSA case. - (ecc_verify): Implement ED25519/ECDSA uncompression. - - ecc: Add flags "noparam" and "comp". - + commit ba892a0a874c8b2a83dbf0940608cd7e2911ce01 - * src/cipher.h (PUBKEY_FLAG_NOPARAM, PUBKEY_FLAG_COMP): New. - * cipher/pubkey-util.c (_gcry_pk_util_parse_flaglist): Parse new flags - and change code for possible faster parsing. - * cipher/ecc.c (ecc_generate): Implement the "noparam" flag. - (ecc_sign): Ditto. - (ecc_verify): Ditto. - * tests/keygen.c (check_ecc_keys): Use the "noparam" flag. - - * cipher/ecc.c (ecc_generate): Fix parsing of the deprecated - transient-flag parameter. - (ecc_verify): Do not make Q optional in the extract-param call. - -2013-10-28 Jussi Kivilinna - - Fix typos in documentation. - + commit 1faa61845f180bd47e037e400dde2d864ee83c89 - * doc/gcrypt.texi: Fix some typos. - - Add ARM NEON assembly implementation of Serpent. - + commit 2cb6e1f323d24359b1c5b113be5c2f79a2a4cded - * cipher/Makefile.am: Add 'serpent-armv7-neon.S'. - * cipher/serpent-armv7-neon.S: New. - * cipher/serpent.c (USE_NEON): New macro. - (serpent_context_t) [USE_NEON]: Add 'use_neon'. - [USE_NEON] (_gcry_serpent_neon_ctr_enc, _gcry_serpent_neon_cfb_dec) - (_gcry_serpent_neon_cbc_dec): New prototypes. - (serpent_setkey_internal) [USE_NEON]: Detect NEON support. 
- (_gcry_serpent_neon_ctr_enc, _gcry_serpent_neon_cfb_dec) - (_gcry_serpent_neon_cbc_dec) [USE_NEON]: Use NEON implementations - to process eight blocks in parallel. - * configure.ac [neonsupport]: Add 'serpent-armv7-neon.lo'. - - Add ARM NEON assembly implementation of Salsa20. - + commit 3ff9d2571c18cd7a34359f9c60a10d3b0f932b23 - * cipher/Makefile.am: Add 'salsa20-armv7-neon.S'. - * cipher/salsa20-armv7-neon.S: New. - * cipher/salsa20.c [USE_ARM_NEON_ASM]: New macro. - (struct SALSA20_context_s, salsa20_core_t, salsa20_keysetup_t) - (salsa20_ivsetup_t): New. - (SALSA20_context_t) [USE_ARM_NEON_ASM]: Add 'use_neon'. - (SALSA20_context_t): Add 'keysetup', 'ivsetup' and 'core'. - (salsa20_core): Change 'src' argument to 'ctx'. - [USE_ARM_NEON_ASM] (_gcry_arm_neon_salsa20_encrypt): New prototype. - [USE_ARM_NEON_ASM] (salsa20_core_neon, salsa20_keysetup_neon) - (salsa20_ivsetup_neon): New. - (salsa20_do_setkey): Setup keysetup, ivsetup and core with default - functions. - (salsa20_do_setkey) [USE_ARM_NEON_ASM]: When NEON support detect, - set keysetup, ivsetup and core with ARM NEON functions. - (salsa20_do_setkey): Call 'ctx->keysetup'. - (salsa20_setiv): Call 'ctx->ivsetup'. - (salsa20_do_encrypt_stream) [USE_ARM_NEON_ASM]: Process large buffers - in ARM NEON implementation. - (salsa20_do_encrypt_stream): Call 'ctx->core' instead of directly - calling 'salsa20_core'. - (selftest): Add test to check large buffer processing and block counter - updating. - * configure.ac [neonsupport]: 'Add salsa20-armv7-neon.lo'. - - Add AMD64 assembly implementation of Salsa20. - + commit 5a3d43485efdc09912be0967ee0a3ce345b3b15a - * cipher/Makefile.am: Add 'salsa20-amd64.S'. - * cipher/salsa20-amd64.S: New. - * cipher/salsa20.c (USE_AMD64): New macro. - [USE_AMD64] (_gcry_salsa20_amd64_keysetup, _gcry_salsa20_amd64_ivsetup) - (_gcry_salsa20_amd64_encrypt_blocks): New prototypes. - [USE_AMD64] (salsa20_keysetup, salsa20_ivsetup, salsa20_core): New. 
- [!USE_AMD64] (salsa20_core): Change 'src' to non-constant, update block - counter in 'salsa20_core' and return burn stack depth. - [!USE_AMD64] (salsa20_keysetup, salsa20_ivsetup): New. - (salsa20_do_setkey): Move generic key setup to 'salsa20_keysetup'. - (salsa20_setkey): Fix burn stack depth. - (salsa20_setiv): Move generic IV setup to 'salsa20_ivsetup'. - (salsa20_do_encrypt_stream) [USE_AMD64]: Process large buffers in AMD64 - implementation. - (salsa20_do_encrypt_stream): Move stack burning to this function... - (salsa20_encrypt_stream, salsa20r12_encrypt_stream): ...from these - functions. - * configure.ac [x86-64]: Add 'salsa20-amd64.lo'. - - Add new benchmarking utility, bench-slope. - + commit e214e8392671dd30e9c33260717b5e756debf3bf - * tests/Makefile.am (TESTS): Add 'bench-slope'. - * tests/bench-slope.c: New. - - Change .global to .globl in assembly files. - + commit ebc8abfcb09d6106fcfce40f240a513e276f46e9 - * cipher/blowfish-arm.S: Change '.global' to '.globl'. - * cipher/camellia-aesni-avx-amd64.S: Ditto. - * cipher/camellia-aesni-avx2-amd64.S: Ditto. - * cipher/camellia-arm.S: Ditto. - * cipher/cast5-amd64.S: Ditto. - * cipher/rijndael-amd64.S: Ditto. - * cipher/rijndael-arm.S: Ditto. - * cipher/serpent-avx2-amd64.S: Ditto. - * cipher/serpent-sse2-amd64.S: Ditto. - * cipher/twofish-amd64.S: Ditto. - * cipher/twofish-arm.S: Ditto. - -2013-10-26 Jussi Kivilinna - - Deduplicate code for ECB encryption and decryption. - + commit 51f1beab3d1e879942a95f58b08de7dbcce75dce - * cipher/cipher.c (do_ecb_crypt): New, based on old 'do_ecb_encrypt'. - (do_ecb_encrypt): Use 'do_ecb_crypt', pass encryption function. - (do_ecb_decrypt): Use 'do_ecb_crypt', pass decryption function. - -2013-10-26 Dmitry Eremin-Solenikov - - Drop _gcry_cipher_ofb_decrypt as it duplicates _gcry_cipher_ofb_encrypt. - + commit d9431725952e40f201c7eda000d3c8511ebd5b33 - * cipher/cipher.c (cipher_decrypt): Use _gcry_cipher_ofb_encrypt for OFB - decryption. 
- * cipher/cipher-internal.h: Remove _gcry_cipher_ofb_decrypt declaration. - * cipher/cipher-ofb.c (_gcry_cipher_ofb_decrypt): Remove. - (_gcry_cipher_ofb_encrypt): remove copying of IV to lastiv, it's - unused there. - -2013-10-25 Werner Koch - - tests: Add tests for mpi_cmp. - + commit 6c6d4810927de7310ae7bac61b4ff5467d7cb485 - * tests/mpitests.c (die): Modernize. - (fail): New. - (test_opaque, test_add, test_sub, test_mul): Use gcry_log_xx - (main): Return error count. - (test_cmp): New. - -2013-10-24 Werner Koch - - ecc: Change algorithm for Ed25519 x recovery. - + commit c630fd71b336eb9209e914d24dc1e26a34521882 - * cipher/ecc-eddsa.c (scanval): Add as temporary hack. - (_gcry_ecc_eddsa_recover_x): Use the algorithm from page 15 of the - paper. Return an error code. - (_gcry_ecc_eddsa_decodepoint): Take care of the error code. - * mpi/mpi-mul.c (gcry_mpi_mulm): Use truncated division. - - ecc: Refactor _gcry_ecc_eddsa_decodepoint. - + commit 1cf5699b6febab1ef9d300531acc2ee33a7df739 - * cipher/ecc-eddsa.c (_gcry_ecc_eddsa_decodepoint): Factor some code - out to .. - (_gcry_ecc_eddsa_recover_x): new. - -2013-10-24 Jussi Kivilinna - - ecc-gost: Add missing include. - + commit 9ce54e5b512418ddf45ce18f2cbd48cdced779f5 - * ecc-gost.c: Include "pubkey-internal.h". - -2013-10-23 Jussi Kivilinna - - Replace architecture specific fast_wipememory2 with generic. - + commit 54df6fcd806f8c150cffe6cc09925bb8b638bb5b - * src/g10lib.h (fast_wipememory2): Remove architecture specific - implementations and add generic implementation. - - Improve the speed of the cipher mode code. - + commit 293e93672fdabc829e35cc624c397276342bafe4 - * cipher/bufhelp.h (buf_cpy): New. - (buf_xor, buf_xor_2dst): If buffers unaligned, always jump to per-byte - processing. - (buf_xor_n_copy_2): New. - (buf_xor_n_copy): Use 'buf_xor_n_copy_2'. - * cipher/blowfish.c (_gcry_blowfish_cbc_dec): Avoid extra memory copy - and use new 'buf_xor_n_copy_2'. 
- * cipher/camellia-glue.c (_gcry_camellia_cbc_dec): Ditto. - * cipher/cast5.c (_gcry_cast_cbc_dec): Ditto. - * cipher/serpent.c (_gcry_serpent_cbc_dec): Ditto. - * cipher/twofish.c (_gcry_twofish_cbc_dec): Ditto. - * cipher/rijndael.c (_gcry_aes_cbc_dec): Ditto. - (do_encrypt, do_decrypt): Use 'buf_cpy' instead of 'memcpy'. - (_gcry_aes_cbc_enc): Avoid copying IV, use 'last_iv' pointer instead. - * cipher/cipher-cbc.c (_gcry_cipher_cbc_encrypt): Avoid copying IV, - update pointer to IV instead. - (_gcry_cipher_cbc_decrypt): Avoid extra memory copy and use new - 'buf_xor_n_copy_2'. - (_gcry_cipher_cbc_encrypt, _gcry_cipher_cbc_decrypt): Avoid extra - accesses to c->spec, use 'buf_cpy' instead of memcpy. - * cipher/cipher-ccm.c (do_cbc_mac): Ditto. - * cipher/cipher-cfb.c (_gcry_cipher_cfb_encrypt) - (_gcry_cipher_cfb_decrypt): Ditto. - * cipher/cipher-ctr.c (_gcry_cipher_ctr_encrypt): Ditto. - * cipher/cipher-ofb.c (_gcry_cipher_ofb_encrypt) - (_gcry_cipher_ofb_decrypt): Ditto. - * cipher/cipher.c (do_ecb_encrypt, do_ecb_decrypt): Ditto. - - bufhelp: enable unaligned memory accesses for AArch64 (64-bit ARM) - + commit 2901a10dbf1264707debc8402546c07eeac60932 - * cipher/bufhelp.h [__aarch64__] (BUFHELP_FAST_UNALIGNED_ACCESS): Set - macro on AArch64. - -2013-10-23 Dmitry Eremin-Solenikov - - Enable assembler optimizations on earlier ARM cores. - + commit 2fd83faa876d0be91ab7884b1a9eaa7793559eb9 - * cipher/blowfish-armv6.S => cipher/blowfish-arm.S: adapt to pre-armv6 CPUs. - * cipher/blowfish.c: enable assembly on armv4/armv5 little-endian CPUs. - * cipher/camellia-armv6.S => cipher/camellia-arm.S: adapt to pre-armv6 CPUs. - * cipher/camellia.c, cipher-camellia-glue.c: enable assembly on armv4/armv5 - little-endian CPUs. - * cipher/cast5-armv6.S => cipher/cast5-arm.S: adapt to pre-armv6 CPUs. - * cipher/cast5.c: enable assembly on armv4/armv5 little-endian CPUs. - * cipher/rijndael-armv6.S => cipher/rijndael-arm.S: adapt to pre-armv6 CPUs. 
- * cipher/rijndael.c: enable assembly on armv4/armv5 little-endian CPUs. - * cipher/twofish-armv6.S => cipher/twofish-arm.S: adapt to pre-armv6 CPUs. - * cipher/twofish.c: enable assembly on armv4/armv5 little-endian CPUs. - - mpi: enable assembler on all arm architectures. - + commit 0b39fce7e3ce6761d6bd5195d093ec6857edb7c2 - * mpi/config.links: remove check for arm >= v6 - * mpi/armv6 => mpi/arm: rename directory to reflect that is is generic - enough - - Correct ASM assembly test in configure.ac. - + commit 10bf6a7e16ed193f90d2749970a420f00d1d3320 - * configure.ac: correct HAVE_COMPATIBLE_GCC_ARM_PLATFORM_AS test to - require neither ARMv6, nor thumb mode. Our assembly code works - perfectly even on ARMv4 now. - -2013-10-23 Werner Koch - - ecc: Refactor ecc.c. - + commit 164eb8c85d773ef4f0939115ec45f5e4b47c1700 - * cipher/ecc-ecdsa.c, cipher/ecc-eddsa.c, cipher/ecc-gost.c: New. - * cipher/Makefile.am (EXTRA_libcipher_la_SOURCES): Add new files. - * configure.ac (GCRYPT_PUBKEY_CIPHERS): Add new files. - * cipher/ecc.c (point_init, point_free): Move to ecc-common.h. - (sign_ecdsa): Move to ecc-ecdsa.c as _gcry_ecc_ecdsa_sign. - (verify_ecdsa): Move to ecc-ecdsa.c as _gcry_ecc_ecdsa_verify. - (sign_gost): Move to ecc-gots.c as _gcry_ecc_gost_sign. - (verify_gost): Move to ecc-gost.c as _gcry_ecc_gost_verify. - (sign_eddsa): Move to ecc-eddsa.c as _gcry_ecc_eddsa_sign. - (verify_eddsa): Move to ecc-eddsa.c as _gcry_ecc_eddsa_verify. - (eddsa_generate_key): Move to ecc-eddsa.c as _gcry_ecc_eddsa_genkey. - (reverse_buffer): Move to ecc-eddsa.c. - (eddsa_encodempi, eddsa_encode_x_y): Ditto. - (_gcry_ecc_eddsa_encodepoint, _gcry_ecc_eddsa_decodepoint): Ditto. - - mpi: Fix scanning of negative SSH formats and add more tests. - + commit 45f6e6268bfdc4b608beaba6b7086b2286e33c71 - * mpi/mpicoder.c (gcry_mpi_scan): Fix sign setting for SSH format. - * tests/t-convert.c (negative_zero): Test all formats. - (check_formats): Add tests for PGP and scan tests for SSH and USG. 
- - * src/gcrypt.h.in (mpi_is_neg): Fix macro. - - * mpi/mpi-scan.c (_gcry_mpi_getbyte, _gcry_mpi_putbyte): Comment out - these unused functions. - -2013-10-22 Jussi Kivilinna - - twofish: add ARMv6 assembly implementation. - + commit 98674fdaa30ab22a3ac86ca05d688b5b6112895d - * cipher/Makefile.am: Add 'twofish-armv6.S'. - * cipher/twofish-armv6.S: New. - * cipher/twofish.c (USE_ARMV6_ASM): New macro. - [USE_ARMV6_ASM] (_gcry_twofish_armv6_encrypt_block) - (_gcry_twofish_armv6_decrypt_block): New prototypes. - [USE_AMDV6_ASM] (twofish_encrypt, twofish_decrypt): Add. - [USE_AMD64_ASM] (do_twofish_encrypt, do_twofish_decrypt): Remove. - (_gcry_twofish_ctr_enc, _gcry_twofish_cfb_dec): Use 'twofish_encrypt' - instead of 'do_twofish_encrypt'. - (_gcry_twofish_cbc_dec): Use 'twofish_decrypt' instead of - 'do_twofish_decrypt'. - * configure.ac [arm]: Add 'twofish-armv6.lo'. - - mpi: allow building with clang on ARM. - + commit e67c67321ce240c93dd0fa2b21c649c0a8e233f7 - * mpi/longlong.h [__arm__] (add_ssaaaa, sub_ddmmss, umul_ppmm) - (count_leading_zeros): Do not cast assembly output arguments. - [__arm__] (umul_ppmm): Remove the extra '%' ahead of assembly comment. - [_ARM_ARCH >= 4] (umul_ppmm): Use correct inputs and outputs instead of - registers. - - serpent-amd64: do not use GAS macros. - + commit c7efaa5fe0ee92e321a7b49d56752cc12eb75fe0 - * cipher/serpent-avx2-amd64.S: Remove use of GAS macros. - * cipher/serpent-sse2-amd64.S: Ditto. - * configure.ac [HAVE_COMPATIBLE_GCC_AMD64_PLATFORM_AS]: Do not check - for GAS macros. - - Add Counter with CBC-MAC mode (CCM) - + commit 335d9bf7b035815750b63a3a8334d6ce44dc4449 - * cipher/Makefile.am: Add 'cipher-ccm.c'. - * cipher/cipher-ccm.c: New. - * cipher/cipher-internal.h (gcry_cipher_handle): Add 'u_mode'. 
- (_gcry_cipher_ccm_encrypt, _gcry_cipher_ccm_decrypt) - (_gcry_cipher_ccm_set_nonce, _gcry_cipher_ccm_authenticate) - (_gcry_cipher_ccm_get_tag, _gcry_cipher_ccm_check_tag) - (_gcry_cipher_ccm_set_lengths): New prototypes. - * cipher/cipher.c (gcry_cipher_open, cipher_encrypt, cipher_decrypt) - (_gcry_cipher_setiv, _gcry_cipher_authenticate, _gcry_cipher_gettag) - (_gcry_cipher_checktag, gry_cipher_ctl): Add handling for CCM mode. - * doc/gcrypt.texi: Add documentation for GCRY_CIPHER_MODE_CCM. - * src/gcrypt.h.in (gcry_cipher_modes): Add 'GCRY_CIPHER_MODE_CCM'. - (gcry_ctl_cmds): Add 'GCRYCTL_SET_CCM_LENGTHS'. - (GCRY_CCM_BLOCK_LEN): New. - * tests/basic.c (check_ccm_cipher): New. - (check_cipher_modes): Call 'check_ccm_cipher'. - * tests/benchmark.c (ccm_aead_init): New. - (cipher_bench): Add handling for AEAD modes and add CCM benchmarking. - - Add API to support AEAD cipher modes. - + commit 95654041f2aa62f71aac4d8614dafe8433d10f95 - * cipher/cipher.c (_gcry_cipher_authenticate, _gcry_cipher_checktag) - (_gcry_cipher_gettag): New. - * doc/gcrypt.texi: Add documentation for new API functions. - * src/visibility.c (gcry_cipher_authenticate, gcry_cipher_checktag) - (gcry_cipher_gettag): New. - * src/gcrypt.h.in, src/visibility.h: add declarations of these - functions. - * src/libgcrypt.defs, src/libgcrypt.vers: export functions. - -2013-10-22 NIIBE Yutaka - - ecc: Correct compliant key generation for Edwards curves. - + commit a5a277a9016ccb34f1858a65e0ed1791b2fc3db3 - * cipher/ecc.c: Add case for Edwards curves. - -2013-10-17 Werner Koch - - tests: Add test options to keygen. - + commit f7711e6eb5f02d03c74911f6f037ab28075e7c0d - * tests/keygen.c (usage): New. - (main): Print usage info. Allow running just one algo. - - mpi: Do not clear the sign of the mpi_mod result. - + commit 91e007606f1f6f8e1416c403fe809d47fddf9b1f - * mpi/mpi-mod.c (_gcry_mpi_mod): Remove sign setting. - - ecc: Put the curve name again into the output of gcry_pk_genkey. 
- + commit 4776dcd394ce59fa50d959921857b3427c5a63c8 - * cipher/ecc.c (ecc_generate): Use the correct var. Release - CURVE_FLAGS. - - ecc: Support Weierstrass curves in gcry_mpi_ec_curve_point. - + commit b22417158c50ec3a0b2ff55b4ade063b42a87e8f - * mpi/ec.c (_gcry_mpi_ec_curve_point): Support MPI_EC_WEIERSTRASS. - -2013-10-16 Jussi Kivilinna - - arcfour: more optimized version for non-i386 architectures. - + commit f9371c026aad09ff48746d22c8333746c886e773 - * cipher/arcfour.c (ARCFOUR_context): Reorder members. - (do_encrypt_stream) [!__i386__]: Faster implementation for non-i386. - (do_arcfour_setkey): Avoid modulo operations. - - Avoid void* pointer arithmetic. - + commit c89ab921ccfaefe6c4f6a724d01e0df41a1a381f - * tests/tsexp.c (check_extract_param): Cast void* pointers to char* - before doing arithmetics. - -2013-10-16 Dmitry Eremin-Solenikov - - ecc: Add support for GOST R 34.10-2001/-2012 signatures. - + commit 83902f1f1dbc8263a0c3f61be59cd2eb95293c97 - * src/cipher.h: define PUBKEY_FLAG_GOST - * cipher/ecc-curves.c: Add GOST2001-test and GOST2012-test curves - defined in standards. Typical applications would use either those - curves, or curves defined in RFC 4357 (will be added later). - * cipher/ecc.c (sign_gost, verify_gost): New. - (ecc_sign, ecc_verify): use sign_gost/verify_gost if PUBKEY_FLAG_GOST - is set. - (ecc_names): add "gost" for gost signatures. - * cipher/pubkey-util.c (_gcry_pk_util_parse_flaglist, - _gcry_pk_util_preparse_sigval): set PUBKEY_FLAG_GOST if gost flag - is present in s-exp. - * tests/benchmark.c (ecc_bench): also benchmark GOST signatures. - * tests/basic.c (check_pubkey): add two public keys from - GOST R 34.10-2012 standard. - (check_pubkey_sign_ecdsa): add two data sets to check gost signatures. - * tests/curves.c: correct N_CURVES as we now have 2 more curves. - - - Removed some comments from the new curve definitions in ecc-curves.c - to avoid line wrapping. 
Eventually we will develop a precompiler to - avoid parsing those hex strings. -wk - - Fix 256-bit ecdsa test key definition. - + commit 187b2bb541b985255aee262d181434a7cb4ae2e7 - * tests/basic.c (check_pubkey): fix nistp256 testing key declaration - - add missing comma. - -2013-10-16 Werner Koch - - sexp: Add function gcry_sexp_extract_param. - + commit a329b6abf00c990faf1986f9fbad7b4d71c13bcb - * src/gcrypt.h.in (_GCRY_GCC_ATTR_SENTINEL): New. - (gcry_sexp_extract_param): New. - * src/visibility.c (gcry_sexp_extract_param): New. - * src/visibility.h (gcry_sexp_extract_param): Add hack to detect - internal use. - * cipher/pubkey-util.c (_gcry_pk_util_extract_mpis): Move and split - into ... - * src/sexp.c (_gcry_sexp_vextract_param) - (_gcry_sexp_extract_param): this. Change all callers. Add support for buffer - descriptors and a path option/ - - * tests/tsexp.c (die, hex2buffer, hex2mpi, hex2mpiopa): New. - (cmp_mpihex, cmp_bufhex): New. - (check_extract_param): New. - -2013-10-16 NIIBE Yutaka - - mpi: mpi-pow improvement. - + commit 45aa6131e93fac89d46733b3436d960f35fb99b2 - * mpi/mpi-pow.c (gcry_mpi_powm): New implementation of left-to-right - k-ary exponentiation. - -2013-10-15 Werner Koch - - ecc: Support use of Ed25519 with ECDSA. - + commit 537969fbbb1104b8305a7edb331b7666d54eff2c - * src/cipher.h (PUBKEY_FLAG_ECDSA): New. - * cipher/pubkey-util.c (_gcry_pk_util_parse_flaglist): Add flag "ecdsa". - * cipher/ecc.c (verify_ecdsa, verify_eddsa): Remove some debug output. - (ecc_generate, ecc_sign, ecc_verify): Support Ed25519 with ECDSA. - * tests/keygen.c (check_ecc_keys): Create such a test key. - * tests/pubkey.c (fail, info, data_from_hex, extract_cmp_data): New. - Take from dsa-6979.c - (check_ed25519ecdsa_sample_key): new. - (main): Call new test. - -2013-10-14 Werner Koch - - pubkey: Support flags list in gcry_pk_genkey. - + commit d3a605d7827b8a73ef844e9e5183590bd6b1389a - * src/cipher.h (PUBKEY_FLAG_TRANSIENT_KEY): New. - (PUBKEY_FLAG_USE_X931): New. 
- (PUBKEY_FLAG_USE_FIPS186): New. - (PUBKEY_FLAG_USE_FIPS186_2): New. - * cipher/pubkey-util.c (_gcry_pk_util_parse_flaglist): Rename from - parse_flags_list. Parse new flags. - * cipher/dsa.c (dsa_generate): Support flag list. - * cipher/ecc.c (ecc_generate): Ditto. - * cipher/rsa.c (rsa_generate): Ditto. - - pubkey: Remove duplicated flag parsing code. - + commit 5be2345ddec4147e535d5b039ee74f84bcacf9e4 - * cipher/pubkey-util.c (_gcry_pk_util_preparse_encval) - (_gcry_pk_util_data_to_mpi): Factor flag parsing code out to .. - (parse_flag_list): New. - * src/cipher.h (PUBKEY_FLAG_RAW_FLAG): New. - - mpicalc: Accept lowercase hex digits. - + commit 0cd551faa775ad5309a40629ae30bf86b75fca09 - * src/mpicalc.c (main): Test for lowercase hex digits. - -2013-10-11 Werner Koch - - pubkey: Move sexp parsing of remaining fucntions to the modules. - + commit a951c061523e1c13f1358c9760fc3a9d787ab2d4 - * cipher/pubkey.c (release_mpi_array): Remove. - (pubkey_check_secret_key): Remove. - (sexp_elements_extract): Remove. - (sexp_elements_extract_ecc): Remove. - (sexp_to_key): Remove. - (get_hash_algo): Remove. - (gcry_pk_testkey): Revamp. - (gcry_pk_get_curve): Revamp. - * cipher/rsa.c (rsa_check_secret_key): Revamp. - * cipher/elgamal.c (elg_check_secret_key): Revamp. - * cipher/dsa.c (dsa_check_secret_key): Revamp. - * cipher/ecc.c (ecc_check_secret_key): Revamp. - * cipher/ecc-curves.c: Include cipher.h and pubkey-internal.h - (_gcry_ecc_get_curve): Revamp. - - * cipher/pubkey-util.c (_gcry_pk_util_extract_mpis): Set passed and - used parameters on error to NULL. - - pubkey: Move sexp parsing for gcry_pk_decrypt to the modules. - + commit 07950c865a901afc48acb46f0695040cadfd5068 - * cipher/rsa.c (rsa_decrypt): Revamp. - * cipher/elgamal.c (elg_decrypt): Revamp. - * cipher/ecc.c (ecc_decrypt_raw): Revamp. - * cipher/pubkey.c (gcry_pk_decrypt): Simplify. - (sexp_to_enc): Remove. - * cipher/pubkey-util.c (_gcry_pk_util_preparse_encval): New. 
- - pubkey: Move sexp parsing for gcry_pk_encrypt to the modules. - + commit 6bd5d18c45a4a3ce8f0f66f56c83b80594877f53 - * cipher/rsa.c (rsa_encrypt): Revamp. - * cipher/elgamal.c (elg_encrypt): Revamp. - * cipher/ecc.c (ecc_encrypt_raw): Revamp. - * cipher/pubkey.c (gcry_pk_encrypt): Simplify. - - * tests/basic.c (check_pubkey_crypt): Init plain, ciph, and data so - that they are initialized even after an encrypt failure. - - pubkey: Move sexp parsing for gcry_pk_sign to the modules. - + commit d0ae6635e4e6ae273c3a137c513d518f28f6eab3 - * cipher/rsa.c (rsa_sign): Revamp. - * cipher/dsa.c (dsa_sign): Revamp. - * cipher/elgamal.c (elg_sign): Revamp. - * cipher/ecc.c (ecc_sign): Revamp. - * cipher/pubkey.c (gcry_pk_sign): Simplify. - -2013-10-10 Jussi Kivilinna - - Prevent tail call optimization with _gcry_burn_stack. - + commit 150c0313f971bcea62d2802f0389c883e11ebb31 - * configure.ac: New check, HAVE_GCC_ASM_VOLATILE_MEMORY. - * src/g10lib.h (_gcry_burn_stack): Rename to __gcry_burn_stack. - (__gcry_burn_stack_dummy): New. - (_gcry_burn_stack): New macro. - * src/misc.c (_gcry_burn_stack): Rename to __gcry_burn_stack. - (__gcry_burn_stack_dummy): New. - -2013-10-09 Werner Koch - - pubkey: Move sexp parsing for gcry_pk_verify to the modules. - + commit 94b652ecb006c29fa2ffb1badc9f02b758581737 - * cipher/rsa.c (rsa_verify): Revamp. - * cipher/dsa.c (dsa_verify): Revamp. - * cipher/elgamal.c (elg_verify): Revamp. - * cipher/ecc.c (ecc_verify): Revamp. - * cipher/pubkey.c (sexp_to_sig): Remove. - (pss_verify_cmp): Move to pubkey-util.c - (sexp_data_to_mpi): Ditto. - (init_encoding_ctx): Ditto. - (gcry_pk_verify): Simplify. - * cipher/pubkey-util.c (_gcry_pk_util_init_encoding_ctx): Add. Take - from pubkey.c - (get_hash_algo): Ditto. - (_gcry_pk_util_data_to_mpi): Ditto. - (pss_verify_cmp): Ditto. - (_gcry_pk_util_extract_mpis): New. - (_gcry_pk_util_preparse_sigval): New. - (_gcry_pk_util_free_encoding_ctx): New. 
- * cipher/ecc-curves.c (_gcry_ecc_fill_in_curve): Make curve init - optional. - - * src/g10lib.h (GCC_ATTR_SENTINEL): New. - - * tests/basic.c (check_pubkey_sign): Print the algo name. - (main): Add option --pubkey. - -2013-10-08 Werner Koch - - pubkey: Move sexp parsing for gcry_pk_get_nbits to the modules. - + commit 4645f3728bb0900591b0aef85831fdee52c59e3c - * cipher/pubkey.c (spec_from_sexp): New. - (gcry_pk_get_nbits): Simplify. - * cipher/rsa.c (rsa_get_nbits): Take only PARMS as args and do sexp - parsing here. - * cipher/dsa.c (dsa_get_nbits): Ditto. - * cipher/elgamal.c (elg_get_nbits): Ditto. - * cipher/ecc.c (ecc_get_nbits): Ditto. - * cipher/ecc-curves.c (_gcry_ecc_fill_in_curve): Allow NULL for arg - CURVE. - - pubkey: Move sexp parsing for gcry_pk_getkey to the modules. - + commit 3816e46ce211e63adf46dbc775510aa137572248 - * cipher/pubkey-util.c: New. - (_gcry_pk_util_get_nbits): New. Based on code from gcry_pk_genkey. - (_gcry_pk_util_get_rsa_use_e): Ditto. - * cipher/pubkey.c (gcry_pk_genkey): Strip most code and pass. - * cipher/rsa.c (rsa_generate): Remove args ALGO, NBITS and EVALUE. - Call new fucntions to get these values. - * cipher/dsa.c (dsa_generate): Remove args ALGO, NBITS and EVALUE. - Call _gcry_pk_util_get_nbits to get nbits. Always parse genparms. - * cipher/elgamal.c (elg_generate): Ditto. - * cipher/ecc.c (ecc_generate): Ditto. - - cipher: Deprecate GCRY_PK_ELG_E. - + commit f79d3e13d3229115c47cbe5007647cb44105fe3f - * cipher/elgamal.c (_gcry_pubkey_spec_elg_e): Remove. - * cipher/pubkey.c (pubkey_list): Remove double included - _gcry_pubkey_spec_elg. - (map_algo): MAke ELG_E to ELG. - -2013-10-02 Werner Koch - - Provide Pth compatiblity for use with GnuPG 2.0. - + commit 2f767f6a17f7e99da4075882f7fe3ca597b31bdb - * src/ath.c (ath_install): Call ath_init and declare Pth as - compatible. - -2013-10-02 Jussi Kivilinna - - sha512: fix building on ARM. 
- + commit 6410152338a2b2ac1216e70c153cd16f9199c94e - * cipher/sha512.c (transform) [USE_ARM_NEON_ASM]: Fix 'hd' to 'ctx'. - -2013-10-02 Werner Koch - - Remove deprecated control codes. - + commit f04a1db22d982627ba87da4e5df52df9b994c779 - * src/gcrypt.h.in (GCRYCTL_SET_KEY): Remove. - (GCRYCTL_SET_IV): Remove. - (GCRYCTL_SET_CTR): Remove. - * cipher/md.c (gcry_md_ctl): Remove deprecated GCRYCTL_SET_KEY. - * cipher/cipher.c (gcry_cipher_ctl): Remove deprecated - GCRYCTL_SET_KEY, GCRYCTL_SET_IV, GCRYCTL_SET_CTR. - -2013-10-02 Dmitry Eremin-Solenikov - - Fix errors when building with Clang on PPC. - + commit 33757c1e03f1d885920633edf543cd1c77999455 - * mpi/longlong.h (add_ssaaaa, sub_ddmmss, count_leading_zeros, - umul_ppmm): Do not cast asm output to USItype. - -2013-10-02 Werner Koch - - Remove last remains of the former module system. - + commit 628ed5ba0ef4b1f04b5a77e29e4bc49a1fe13c07 - * src/gcrypt-module.h, src/module.c: Remove. - * src/visibility.h: Do not include gcrypt-module.h. - * src/g10lib.h: Remove all prototypes from module.c - (gcry_module): Remove. - * cipher/cipher-internal.h (gcry_cipher_handle): Remove unused field. - - Fix missing prototype warning in visibility.c. - + commit 52783d483293d48cd468143ae6ae2cccbfe17200 - * src/ec-context.h (_gcry_mpi_ec_new): Move prototype to mpi.h. - - md: Simplify the message digest dispatcher md.c. - + commit 0d39997932617ba20656f8bcc230ba744b76c87e - * src/gcrypt-module.h (gcry_md_spec_t): Move to ... - * src/cipher-proto.h: here. Merge with md_extra_spec_t. Add fields - ALGO and FLAGS. Set these fields in all digest modules. - * cipher/md.c: Change most code to replace the former module - system by a simpler system to gain information about the algorithms. - -2013-10-01 Werner Koch - - cipher: Simplify the cipher dispatcher cipher.c. - + commit 3ca180b25e8df252fc16f802cfdc27496e307830 - * src/gcrypt-module.h (gcry_cipher_spec_t): Move to ... - * src/cipher-proto.h (gcry_cipher_spec_t): here. 
Merge with - cipher_extra_spec_t. Add fields ALGO and FLAGS. Set these fields in - all cipher modules. - * cipher/cipher.c: Change most code to replace the former module - system by a simpler system to gain information about the algorithms. - (disable_pubkey_algo): Simplified. Not anymore thread-safe, though. - - * cipher/md.c (_gcry_md_selftest): Use correct structure. Not a real - problem because both define the same function as their first field. - - * cipher/pubkey.c (_gcry_pk_selftest): Take care of the disabled flag. - - mpi: Fix gcry_mpi_neg. - + commit 4153fa859816e799e506055321a22e6450aacdcc - * mpi/mpiutil.c (_gcry_mpi_neg): Copy U to W. - -2013-10-01 Peter Wu - - cipher: Add support for 128-bit keys in RC2. - + commit 738177ec0eae05069ec61bc4f724a69d4e052e42 - * cipher/rfc2268.c (oids_rfc2268_128): New - (_gcry_cipher_spec_rfc2268_128): New. - * cipher/cipher.c (cipher_table_entry): Add GCRY_CIPHER_RFC2268_128. - -2013-09-30 Werner Koch - - ecc: Use faster b parameter for Ed25519. - + commit 1d85452412b65e7976bc94969fc513ff6b880ed8 - * cipher/ecc-curves.c (domain_parms): Replace b. - * tests/t-mpi-point.c (test_curve): Ditto. - - ecc: Prepare for future Ed25519 optimization. - + commit a2618c822e666d4121cba29bee3fd50bf70c9743 - * mpi/ec-ed25519.c: New but empty file. - * mpi/ec-internal.h: New. - * mpi/ec.c: Include ec-internal.h. - (ec_mod): New. - (ec_addm): Use ec_mod. - (ec_mulm): Remove commented code. Use ec_mod. - (ec_subm): Call simple sub. - (ec_pow2): Use ec_mulm. - (ec_mul2): New. - (dup_point_weierstrass): Use ec_mul2. - (dup_point_twistededwards): Add special case for a == -1. Use - ec_mul2. - (add_points_weierstrass): Use ec_mul2. - (add_points_twistededwards): Add special case for a == -1. - (_gcry_mpi_ec_curve_point): Ditto. - (ec_p_init): Add hack to test Barrett functions. - * src/ec-context.h (mpi_ec_ctx_s): Add P_BARRETT. - - * mpi/mpi-mod.c (_gcry_mpi_mod_barrett): Fix sign problem. - - ecc: Fix recomputing of Q for Ed25519. 
- + commit c325adb8f5092b80a626bd3bb5e49cf7f3a29fc8 - * cipher/ecc-misc.c (reverse_buffer): New. - (_gcry_ecc_compute_public): Add ED255519 specific code. - * cipher/ecc.c (sign_eddsa): Allocate DIGEST in secure memory. Get - rid of HASH_D. - * tests/t-mpi-point.c (context_param): Test recomputing of Q for - Ed25519. - - log: Try to print s-expressions in a more compact format. - + commit d69a13d3d1c14ad6a6aa7cd349d6d2dfb152d422 - * src/misc.c (count_closing_parens): New. - (_gcry_log_printsxp): Use new function. - * mpi/ec.c (_gcry_mpi_point_log): Take care of a NULL point. - -2013-09-30 Jussi Kivilinna - - Make Whirlpool use the _gcry_md_block_write helper. - + commit 68cefd0f1d60ac33b58031df9b1d165cb1bf0f14 - * cipher/whirlpool.c (whirlpool_context_t): Add 'bctx', remove - 'buffer', 'count' and 'nblocks'. - (whirlpool_init): Initialize 'bctx'. - (whirlpool_transform): Adjust context argument type and burn stack - depth. - (whirlpool_add): Remove. - (whirlpool_write): Use _gcry_md_block_write. - (whirlpool_final, whirlpool_read): Adjust for 'bctx' usage. - - whirlpool: add stack burning after transform. - + commit a96d622e1a36d40d1504b7ada567e90ec9957443 - * cipher/whirlpool.c (whirlpool_transform): Return burn stack depth. - (whirlpool_add): Do burn_stack. - - whirlpool: do bitcount calculation in finalization part. - + commit 10d7351411f19bb2c03d2e24ca5a38dabe45023b - * cipher/whirlpool.c (whirlpool_context_t): Remove 'length', add - 'nblocks'. - (whirlpool_add): Update 'nblocks' instead of 'length', and add early - return at one spot. - (whirlpool_write): Check for 'nblocks' overflow. - (whirlpool_final): Convert 'nblocks' to bit-counter, and use - whirlpool_write instead of whirlpool_add. - -2013-09-30 Werner Koch - - Add logging functions to the API. - + commit d2076f27bb7c5d505abf25fc622d21794c4a5df3 - * src/gcrypt.h.in (_GCRY_GCC_ATTR_PRINTF): New. - (gcry_log_debug, gcry_log_debughex, gcry_log_debugmpi): New. - (gcry_log_debugpnt, gcry_log_debugsxp): New. 
- * src/visibility.c (gcry_log_debug): New. - (gcry_log_debughex, gcry_log_debugmpi, gcry_log_debugpnt): New. - (gcry_log_debugsxp): New. - * src/libgcrypt.def, src/libgcrypt.vers: Add new functions. - * src/misc.c (_gcry_logv): Make public. - (_gcry_log_printsxp): New. - * src/g10lib.h (log_printsxp): New macro. - -2013-09-26 Jussi Kivilinna - - Make libgcrypt build with Clang on i386. - + commit db60d828137c4f3682ca4ca2a54fe3d96d3db5f9 - * cipher/longlong.h [__i386__] (add_ssaaaa, sub_ddmmss) - (umul_ppmm, udiv_qrnnd): Do not cast asm output to USItype. - -2013-09-25 Werner Koch - - mpi: Change not yet used _gcry_mpi_set_opaque_copy. - + commit 1c6660debdbf1e4c3e80074c846a3e3097f214bb - * mpi/mpiutil.c (_gcry_mpi_set_opaque_copy): Change prototype. - (_gcry_mpi_get_opaque_copy): Take care of gcry_malloc failure. - - sexp: Improve printing of data with a leading zero. - + commit 9b7c49971588edf6acfc74bfb797eb79d19cb350 - * src/sexp.c (suitable_encoding): Detect leading zero byte. - - ecc: Allow the name "q@eddsa" to get/set the public key. - + commit d6683d2a6065986a9198d2d2eaa02c005b68cea4 - * cipher/ecc-curves.c (_gcry_ecc_get_mpi): Support "q@eddsa". - (_gcry_ecc_set_mpi): Support "q". - * cipher/ecc.c (eddsa_encodepoint): Rename to ... - (_gcry_ecc_eddsa_encodepoint): this and make global. Remove arg - MINLEN and take from context. - (eddsa_decodepoint): Rename to - (_gcry_ecc_eddsa_decodepoint): this and make global. Remove arg LEN - and take from context. - (sign_eddsa, verify_eddsa): Take B from context. - (ecc_sign, ecc_verify): Add hack to set DIALECT. - (_gcry_pk_ecc_get_sexp): Use _gcry_ecc_compute_public. Handle EdDSA. - * src/ec-context.h (mpi_ec_ctx_s): Add field NBITS. - * mpi/ec.c (ec_p_init): Init NBITS. - * tests/t-mpi-point.c (test_curve): Add Ed25519. - (sample_ed25519_q): New. - (context_param): Check new sample key. - (hex2buffer, hex2mpiopa): New. - (cmp_mpihex): Take care of opaque MPIs. 
- - mpicalc: Add statement to compute the number of bits. - + commit 9a4447ccd1b90bcd701941e80a7f484a1825fcea - * src/mpicalc.c (do_nbits): New. - (main): Add statement 'b'. - - ecc: Refactor low-level access functions. - + commit 64a7d347847d606eb5f4c156e24ba060271b8f6b - * mpi/ec.c (point_copy): Move to cipher/ecc-curves.c. - (ec_get_reset): Rename to _gcry_mpi_ec_get_reset and make global. - (_gcry_mpi_ec_get_mpi): Factor most code out to _gcry_ecc_get_mpi. - (_gcry_mpi_ec_get_point): Factor most code out to _gcry_ecc_get_point. - (_gcry_mpi_ec_set_mpi): Factor most code out to _gcry_ecc_set_mpi. - (_gcry_mpi_ec_set_point): Factor most code out to _gcry_ecc_set_point. - * cipher/ecc-curves.c (_gcry_ecc_get_mpi): New. - (_gcry_ecc_get_point, _gcry_ecc_set_mpi, _gcry_ecc_set_point): New. - * cipher/ecc-misc.c (_gcry_ecc_compute_public): New. - - ecc: Fix highly unlikely endless loop in sign_ecdsa. - + commit 1f5f4452e5bca105ec2197a4facbf9778e7dc31e - * cipher/ecc.c (sign_ecdsa): Turn while-do into do-while loops. - -2013-09-24 Werner Koch - - ecc: Allow the use of an uncompressed public key. - + commit df013c9820709421ef9550158ac5df0060d73379 - * cipher/ecc.c (eddsa_encodepoint): Factor most code out to ... - (eddsa_encode_x_y): new fucntion. - (eddsa_decodepoint): Allow use of an uncompressed public key. - * tests/t-ed25519.c (N_TESTS): Adjust. - * tests/t-ed25519.inp: Add test 1025. - -2013-09-23 Werner Koch - - pk: Add algo id GCRY_PK_ECC and deprecate ECDSA and ECDH. - + commit d5f91466695c5736f441c9bf1998436184a4bf61 - * src/gcrypt.h.in (GCRY_PK_ECC): New. - * cipher/pubkey.c (map_algo): New. - (spec_from_algo, gcry_pk_get_param, _gcry_pk_selftest): Use it. - * cipher/ecc.c (selftests_ecdsa): Report using GCRY_PK_ECC. - (run_selftests): Simplify. - (ecdh_names, ecdsa_names): Merge into a new ecc_names. - (_gcry_pubkey_spec_ecdh, _gcry_pubkey_spec_ecdsa): Merge into new - _gcry_pubkey_spec_ecc. - - ec: Use mpi_mulm instead of mpi_powm. 
- + commit 4552437bb3c5ff96a889fd31e4bc504b2a12fac7 - * mpi/ec.c (ec_pow2): New. - (ec_powm): Remove call to mpi_abs. - (dup_point_weierstrass, dup_point_twistededwards) - (add_points_weierstrass, add_points_twistededwards) - (_gcry_mpi_ec_curve_point): Use ec_pow2. - -2013-09-21 Jussi Kivilinna - - bufhelp: enable fast unaligned memory accesses on powerpc. - + commit 925d4fb3e8f2df3c5566ec6b5df7620a3d3504e5 - * cipher/bufhelp.h [__powerpc__] (BUFHELP_FAST_UNALIGNED_ACCESS): Set - macro enabled. - [__powerpc64__] (BUFHELP_FAST_UNALIGNED_ACCESS): Ditto. - - Remove i386 inline assembly version of rotation functions. - + commit cfea5c28a3822e1e7e401e5107ebe07ba7fdcf37 - * cipher/bithelp.h (rol, ror): Remove i386 version, change - macros to inline functions. - * src/hmac256.c (ror): Ditto. - - Optimize and cleanup 32-bit and 64-bit endianess transforms. - + commit 9337e03824a5bdd3bbbcb8382cabefe6d6c32e1e - * cipher/bithelp.h (bswap32, bswap64, le_bswap32, be_bswap32) - (le_bswap64, be_bswap64): New. - * cipher/bufhelp.h (buf_get_be32, buf_get_le32, buf_put_le32) - (buf_put_be32, buf_get_be64, buf_get_le64, buf_put_be64) - (buf_put_le64): New. - * cipher/blowfish.c (do_encrypt_block, do_decrypt_block): Use new - endian conversion helpers. - (do_bf_setkey): Turn endian specific code to generic. - * cipher/camellia.c (GETU32, PUTU32): Use new endian conversion - helpers. - * cipher/cast5.c (rol): Remove, use rol from bithelp. - (F1, F2, F3): Fix to use rol from bithelp. - (do_encrypt_block, do_decrypt_block, do_cast_setkey): Use new endian - conversion helpers. - * cipher/des.c (READ_64BIT_DATA, WRITE_64BIT_DATA): Ditto. - * cipher/md4.c (transform, md4_final): Ditto. - * cipher/md5.c (transform, md5_final): Ditto. - * cipher/rmd160.c (transform, rmd160_final): Ditto. - * cipher/salsa20.c (LE_SWAP32, LE_READ_UINT32): Ditto. - * cipher/scrypt.c (READ_UINT64, LE_READ_UINT64, LE_SWAP32): Ditto. - * cipher/seed.c (GETU32, PUTU32): Ditto. 
- * cipher/serpent.c (byte_swap_32): Remove. - (serpent_key_prepare, serpent_encrypt_internal) - (serpent_decrypt_internal): Use new endian conversion helpers. - * cipher/sha1.c (transform, sha1_final): Ditto. - * cipher/sha256.c (transform, sha256_final): Ditto. - * cipher/sha512.c (__transform, sha512_final): Ditto. - * cipher/stribog.c (transform, stribog_final): Ditto. - * cipher/tiger.c (transform, tiger_final): Ditto. - * cipher/twofish.c (INPACK, OUTUNPACK): Ditto. - * cipher/whirlpool.c (buffer_to_block, block_to_buffer): Ditto. - * configure.ac (gcry_cv_have_builtin_bswap32): Check for compiler - provided __builtin_bswap32. - (gcry_cv_have_builtin_bswap64): Check for compiler provided - __builtin_bswap64. - - gostr3411_94: set better burn stack depth estimate. - + commit 7409de7bc28ff8847c9d71d8c3e35e1968d59d60 - * cipher/gost28147.c (_gcry_gost_enc_one): Account function stack to - burn stack depth. - * cipher/gostr3411-94.c (max): New macro. - (do_hash_step, transform): Return stack burn depth. - - Use hash transform function return type for passing burn stack depth. - + commit 592c2ab3deeeccbb6d3b078ed7bf0e6627c8e1fb - * cipher/gostr4311-94.c (transform): Return stack burn depth. - * cipher/hash-common.c (_gcry_md_block_write): Use stack burn depth - returned by 'hd->bwrite'. - * cipher/hash-common.h (_gcry_md_block_write_t): Change return type to - 'unsigned int'. - (gry_md_block_ctx_t): Remove 'stack_burn'. - * cipher/md4.c (transform): Return stack burn depth. - (md4_final): Use stack burn depth from transform. - * cipher/md5.c (transform): Return stack burn depth. - (md5_final): Use stack burn depth from transform. - * cipher/rmd160.c (transform): Return stack burn depth. - (rmd160_final): Use stack burn depth from transform. - * cipher/sha1.c (transform): Return stack burn depth. - (sha1_final): Use stack burn depth from transform. - * cipher/sha256.c (transform): Return stack burn depth. - (sha256_final): Use stack burn depth from transform. 
- * cipher/sha512.c (__transform, transform): Return stack burn depth. - (sha512_final): Use stack burn depth from transform. - * cipher/stribog.c (transform64): Return stack burn depth. - * cipher/tiger.c (transform): Return stack burn depth. - (tiger_final): Use stack burn depth from transform. - - Make STRIBOG use the new _gcry_md_block_write helper. - + commit 902ea6052c11108bd19333c31b03e084bed1fb86 - * cipher/stribog.c (STRIBOG_STRUCT): Add 'bctx' and remove 'buf' and - 'count'. - (stribog_init_512): Initialize 'bctx'. - (transform64): New function. - (stribog_write): Remove. - (stribog_final): Use _gcry_md_block_write and bctx. - (_gcry_digest_spec_stribog_256, _gcry_digest_spec_stribog_512): Use - _gcry_md_block_write. - - Make SHA-512 use the new _gcry_md_block_write helper. - + commit cce7449efe471b076c5a97929ac8907162011394 - * cipher/hash-common.c (_gcry_md_block_write): Check that hd->buf is - large enough. - * cipher/hash-common.h (MD_BLOCK_MAX_BLOCKSIZE, MD_NBLOCKS_TYPE): New - macros. - (gcry_md_block_ctx_t): Use above macros for 'nblocks' and 'buf'. - * cipher/sha512.c (SHA512_STATE): New struct. - (SHA512_CONTEXT): Add 'bctx' and 'state'. - (sha512_init, sha384_init): Initialize 'bctx'. - (__transform, _gcry_sha512_transform_armv7_neon): Use SHA512_STATE for - 'hd'. - (transform): For now, do not return burn stack. - (sha512_write): Remove. - (sha512_final): Use _gcry_md_block_write and bctx. - (_gcry_digest_spec_sha512, _gcry_digest_spec_sha384): Use - _gcry_md_block_write. - -2013-09-20 Werner Koch - - sexp: Change internal versions to always use gpg_err_code_t. - + commit 3e5cfa20acfeccb9df2c3fae2730344b40b36104 - * src/sexp.c (gcry_sexp_new, gcry_sexp_create, gcry_sexp_build) - (gcry_sexp_build_array, gcry_sexp_canon_len): Change error return type - from gpg_error_t to gpg_err_code_t. Remove all calls to gpg_error. 
- * src/visibility.c (gcry_sexp_new, gcry_sexp_create, gcry_sexp_sscan) - (gcry_sexp_build, gcry_sexp_build_array, gcry_sexp_canon_len): Map - error codes via gpg_error. - * cipher/dsa.c, cipher/ecc.c, cipher/elgamal.c, cipher/rsa.c: Remove - use gpg_err_code wrappers. - - pk: Move s-exp creation for gcry_pk_decrypt to the modules. - + commit 722bfc1e5f2268453db62f38cc46b5ec6ef3adee - * cipher/pubkey.c (sexp_to_enc): Remove RET_MODERN arg and merge it - into FLAGS. - (gcry_pk_decrypt): Move result s-exp building into the modules. - * src/cipher-proto.h (gcry_pk_decrypt_t): Add some args. - * cipher/ecc.c (ecc_decrypt_raw): Change to return an s-exp. - * cipher/elgamal.c (elg_decrypt): Ditto. - * cipher/rsa.c (rsa_decrypt): Ditto. - (rsa_blind, rsa_unblind): Merge into rsa_decrypt. This saves several - extra MPI allocations. - - pk: Remove unused function. - + commit 64cd7ab93da7c95cc8aa320c61c6e29f9e2399c4 - * cipher/pubkey.c (_gcry_pk_aliased_algo_name): Remove - -2013-09-19 Werner Koch - - Beautify debug output of the prime generator. - + commit 6576f0a7684292cb5691bfcabad0acca4c06c014 - * cipher/primegen.c: Adjust output of log_mpidump to recently changed - log_mpidump code changes. - - pk: Move s-expr creation for genkey to the modules. - + commit 1bf08850bf9343146c938bc03917417e16393e9a - * cipher/pubkey.c (pubkey_generate): Fold into gcry_pk_genkey - (gcry_pk_genkey): Move result s-exp creation into the modules. - * cipher/dsa.c (dsa_generate): Create result as s-exp. - * cipher/elgamal.c (elg_generate): Ditto. - * cipher/rsa.c (rsa_generate): Ditto. - * cipher/ecc.c (ecc_generate): Ditto. - * src/cipher-proto.h (pk_ext_generate_t): Remove type - (gcry_pk_spec): and remove from struct. - - tests: Beautify some diagnostics. - + commit 2fe084873333c4d67bcfba0b527d63cd3cff6c47 - * tests/benchmark.c (ecc_bench): Print the key sexp in very verbose - mode. - (main): Add option --pk-count. - * tests/keygen.c: Add Elgamal generation and improved diagnostics. 
- * tests/t-ed25519.c (check_ed25519): Print running number of tests - done. - - sexp: Improve printing data representing a negative number. - + commit b3f3d47d347c14ed41d755cee580f000309b9c03 - * src/sexp.c (suitable_encoding): Detect a negative number. - - pk: Move RSA encoding functions to a new file. - + commit 071f70b9a766187fc70f6abc6a69d50752449285 - * cipher/rsa-common: New. - * cipher/pubkey.c (pkcs1_encode_for_encryption): Move to rsa-common.c - and rename to _gcry_rsa_pkcs1_encode_for_enc. - (pkcs1_decode_for_encryption): Move to rsa-common.c and rename to - _gcry_rsa_pkcs1_decode_for_enc. - (pkcs1_encode_for_signature): Move to rsa-common.c and rename to - _gcry_rsa_pkcs1_encode_for_sig. - (oaep_encode): Move to rsa-common.c and rename to - _gcry_rsa_oaep_encode. - (oaep_decode): Move to rsa-common.c and rename to - _gcry_rsa_oaep_decode. - (pss_encode): Move to rsa-common.c and rename to _gcry_rsa_pss_encode. - (pss_verify): Move to rsa-common.c and rename to _gcry_rsa_pss_decode. - (octet_string_from_mpi, mgf1): Move to rsa-common.c. - - pk: Move s-expr creation for sign and encrypt to the modules. - + commit eca9e2e50ddd4c9020fe1d4a9a3c77d20ebb90f6 - * cipher/pubkey.c (pubkey_encrypt): Fold into gcry_pk_encrypt. - (pubkey_decrypt): Fold into gcry_pk_decrypt. - (pubkey_sign): Fold into gcry_pk_sign. - (pubkey_verify): Fold into gcry_pk_verify. - (octet_string_from_mpi): Make it a wrapper and factor code out to ... - * mpi/mpicoder.c (_gcry_mpi_to_octet_string): New function. - - * src/cipher.h (PUBKEY_FLAG_FIXEDLEN): New. - * cipher/pubkey.c (sexp_data_to_mpi): Set flag for some encodings. - (gcry_pk_encrypt): Simply by moving the s-expr generation to the modules. - (gcry_pk_sign): Ditto. - * cipher/dsa.c (dsa_sign): Create s-expr. - * cipher/elgamal.c (elg_encrypt, elg_sign): Ditto. - * cipher/rsa.c (rsa_encrypt, rsa_sign): Ditto. - * cipher/ecc.c (ecc_sign, ecc_encrypt_raw): Ditto. - (ecdsa_names): Add "eddsa". 
- * tests/t-ed25519.c (one_test): Expect "eddsa" token. - -2013-09-19 Dmitry Eremin-Solenikov - - Fix Stribog digest on bigendian platforms. - + commit d399faf5db71d429bfd6fa4a9cfc82e2a55055f0 - * cipher/stribog.c (stribog_final): swap bytes in the result of digest - calculations. - -2013-09-18 Werner Koch - - pk: Simplify the public key dispatcher pubkey.c. - + commit 85722afb379f7a392a8117b895de273fd88c4ebc - * src/cipher-proto.h (gcry_pk_spec_t): Add fields ALGO and FLAGS. - * cipher/dsa.c (_gcry_pubkey_spec_dsa): Set these fields. - * cipher/ecc.c (_gcry_pubkey_spec_ecdsa): Ditto. - (_gcry_pubkey_spec_ecdh): Ditto. - * cipher/rsa.c (_gcry_pubkey_spec_rsa): Ditto. - * cipher/elgamal.c (_gcry_pubkey_spec_elg): Ditto - (_gcry_pubkey_spec_elg_e): New. - * cipher/pubkey.c: Change most code to replace the former module - system by a simpler system to gain information about the algorithms. - (disable_pubkey_algo): SImplified. Not anymore thread-safe, though. - - pk: Merge extraspecs struct with standard specs struct. - + commit 89103ce00e862cc709e80fa41f2ee13d54093ec5 - * src/gcrypt-module.h (gcry_pk_spec_t): Move this typedef and the - corresponding function typedefs to ... - * src/cipher-proto.h: here. - (pk_extra_spec_t): Remove typedef and merge fields into - gcry_pk_spec_t. - * cipher/rsa.c, cipher/dsa.c, cipher/elg.c, cipher/ecc.c: Ditto. - * cipher/pubkey.c: Change accordingly. - * src/cipher.h (_gcry_pubkey_extraspec_rsa): Remove. - (_gcry_pubkey_extraspec_dsa): Remove. - (_gcry_pubkey_extraspec_elg): Remove. - (_gcry_pubkey_extraspec_ecdsa): Remove. - -2013-09-18 Jussi Kivilinna - - Fix encryption/decryption return type for GOST28147. - + commit 2ad7ea9cb388fd31e4b0852b68d77f599ef4adce - * cipher/gost.h (_gcry_gost_enc_one): Change return type to - 'unsigned int'. - * cipher/gost28147.c (max): New macro. - (gost_encrypt_block, gost_decrypt_block): Return burn stack depth. - (_gcry_gost_enc_one): Return burn stack depth from gost_encrypt_block. 
- -2013-09-18 Dmitry Eremin-Solenikov - - doc: fix building of ps and pdf documentation. - + commit bd33fa21c9afc6c81e0da24016fc13001e9c7390 - * doc/gcrypt.texi, doc/gpl.texi, doc/lgpl.texi: fix texinfo errors. - - Add GOST R 34.11-2012 implementation (Stribog) - + commit c22064bdd773a807801e300aa9214b2fdcafcf20 - * src/gcrypt.h.in (GCRY_MD_GOSTR3411_12_256) - (GCRY_MD_GOSTR3411_12_512): New. - * cipher/stribog.c: New. - * configure.ac (available_digests_64): Add stribog. - * src/cipher.h: Declare Stribog declarations. - * cipher/md.c: Register Stribog digest. - * tests/basic.c (check_digests) Add 4 testcases for Stribog from - standard. - * doc/gcrypt.texi: Document new constants. - - Add basic implementation of GOST R 34.11-94 message digest. - + commit b0579baaa04fb91eabbbdc295bcabea04cf84056 - * src/gcrypt.h.in (GCRY_MD_GOSTR3411_94): New. - * cipher/gostr3411-94.c: New. - * configure.ac (available_digests): Add gostr3411-94. - * src/cipher.h: Add gostr3411-94 definitions. - * cipher/md.c: Register GOST R 34.11-94. - * tests/basic.c (check_digests): Add 4 tests for GOST R 34.11-94 - hash algo. Two are defined in the standard itself, two other are - more or less common tests - an empty string an exclamation mark. - * doc/gcrypt.texi: Add an entry describing GOST R 34.11-94 to the MD - algorithms table. - - Separate common md block code. - + commit ecde77ad98690540abb21db08e5531297ed72bd0 - * cipher/hash-common.c (_gcry_md_block_write): New function to handle - block md operations. The current implementation is limited to 64 byte - buffer and u32 block counter. - - * cipher/md4.c, cipher/md5.c, cipher/rmd.h, cipher/rmd160.c - *cipher/sha1.c, cipher/sha256.c, cipher/tiger.c: Convert to use - _gcry_md_block_write. - - Add limited implementation of GOST 28147-89 cipher. - + commit 56b5949f71f501744998f5ebc12488ebf6f1c0b5 - * src/gcrypt.h.in (GCRY_CIPHER_GOST28147): New. - * cipher/gost.h, cipher/gost28147.c: New. - * configure.ac (available_ciphers): Add gost28147. 
- * src/cipher.h: Add gost28147 definitions. - * cipher/cipher.c: Register gost28147. - * tests/basic.c (check_ciphers): Enable simple test for gost28147. - * doc/gcrypt.texi: document GCRY_CIPHER_GOST28147. - -2013-09-18 Werner Koch - - ecc: Add Ed25519 key generation and prepare for optimizations. - + commit 63cd3474425cb5a7ec4d1a56be15b248ecda4680 - * src/mpi.h (enum ecc_dialects): New. - * src/ec-context.h (mpi_ec_ctx_s): Add field DIALECT. - * cipher/ecc-common.h (elliptic_curve_t): Ditto. - * cipher/ecc-curves.c (ecc_domain_parms_t): Ditto. - (domain_parms): Add dialect values. - (_gcry_ecc_fill_in_curve): Set dialect. - (_gcry_ecc_get_curve): Ditto. - (_gcry_mpi_ec_new): Ditto. - (_gcry_ecc_get_param): Use ECC_DIALECT_STANDARD for now. - * cipher/ecc-misc.c (_gcry_ecc_curve_copy): Copy dialect. - (_gcry_ecc_dialect2str): New. - * mpi/ec.c (ec_p_init): Add arg DIALECT. - (_gcry_mpi_ec_p_internal_new): Ditto. - (_gcry_mpi_ec_p_new): Ditto. - - * mpi/mpiutil.c (gcry_mpi_set_opaque): Set the secure flag. - (_gcry_mpi_set_opaque_copy): New. - - * cipher/ecc-misc.c (_gcry_ecc_os2ec): Take care of an opaque MPI. - * cipher/ecc.c (eddsa_generate_key): New. - (generate_key): Rename to nist_generate_key and factor some code out - to ... - (ecc_generate_ext): here. Divert to eddsa_generate_key if desired. - (eddsa_decodepoint): Take care of an opaque MPI. - (ecc_check_secret_key): Ditto. - (ecc_sign): Ditto. - * cipher/pubkey.c (sexp_elements_extract_ecc): Store public and secret - key as opaque MPIs. - (gcry_pk_genkey): Add the curve_name also to the private key part of - the result. - - * tests/benchmark.c (ecc_bench): Support Ed25519. - (main): Add option --debug. - * tests/curves.c (sample_key_2): Make sure that P and N are positive. - * tests/keygen.c (show): New. - (check_ecc_keys): Support Ed25519. - -2013-09-17 Werner Koch - - mpi: Support printing of negative numbers. 
- + commit 89fe2173649a72019d75e059e6c6938efd10421f - * mpi/mpicoder.c (twocompl, onecompl): New. - (gcry_mpi_print): Use it for STD and SSH. - (gcry_mpi_scan): Use it for STD and SSH. Always set NSCANNED. - (gcry_mpi_aprint): Clear the extra allocated byte. - * tests/t-convert.c (showhex, showmpi): New. - (mpi2bitstr_nlz): New. - (check_formats): New. - (main): Call new test. - -2013-09-16 Werner Koch - - Fix bug in _gcry_mpi_tdiv_q_2exp. - + commit a7a9cdcaaf3979baa18dad51e722882581349f45 - * mpi/mpi-internal.h (MPN_COPY_INCR): Make it work. - - ecc: Implement Curve Ed25519 signing and verification. - + commit bc5199a02abe428ad377443280b3eda60141a1d6 - * cipher/ecc-curves.c (domain_parms): Add curve "Ed25519". - * cipher/ecc.c (reverse_buffer): New. - (eddsa_encodempi): New. - (eddsa_encodepoint): New. - (eddsa_decodepoint): New. - (sign_eddsa): Implement. - (verify_eddsa): Implement. - (ecc_sign): Init unused Q. Pass public key to sign_eddsa. - (ecc_verify): Init pk.Q if not used. Pass public key verbatim to - verify_eddsa. - * cipher/pubkey.c (sexp_elements_extract): Add arg OPAQUE. Change all - callers to pass 0. - (sexp_to_sig): Add arg OPAQUE and pass it to sexp_elements_extract. - (sexp_data_to_mpi): Allow for a zero length "value". - (gcry_pk_verify): Reorder parameter processing. Pass OPAQUE flag as - required. - * mpi/ec.c (ec_invm): Print a warning if the inverse does not exist. - (_gcry_mpi_ec_get_affine): Implement for our Twisted Edwards curve - model. - (dup_point_twistededwards): Implement. - (add_points_twistededwards): Implement. - (_gcry_mpi_ec_mul_point): Support Twisted Edwards. - - * mpi/mpicoder.c (do_get_buffer): Add arg FILL_LE. - (_gcry_mpi_get_buffer): Ditto. Change all callers. - (_gcry_mpi_get_secure_buffer): Ditto. - - * src/sexp.c (_gcry_sexp_nth_opaque_mpi): New. - - * tests/t-ed25519.c: New. - * tests/t-ed25519.inp: New. - * tests/t-mpi-point.c (basic_ec_math_simplified): Print some output - only in debug mode. 
- (twistededwards_math): New test. - (main): Call new test. - - mpi: Add internal convenience function. - + commit 44a2c34e90ed7de149952398787906d8823b636b - * mpi/mpiutil.c (_gcry_mpi_get_opaque_copy): New. - - mpi: Add debug function to print a point. - + commit 8ebc94d11a1eb93f2365c93f555e958700fdfbd4 - * mpi/ec.c (_gcry_mpi_point_log): New. - * src/mpi.h (log_printpnt): new macro. - - tests: Factor time measurement code out. - + commit 58eaf0c4332ac2f645ede28c4d18337389dfa753 - * tests/benchmark.c (started_at, stopped_at, start_timer, stop_timer) - (elapsed time): Factor out to .. - * tests/stopwatch.h: new file. - -2013-09-12 Werner Koch - - Fix _gcry_log_printmpi to print 00 instead of a sole sign. - + commit 1c76349c69c70a62b516a4f837c6287def640807 - * src/misc.c: Special case an mpi length of 0. - -2013-09-11 Werner Koch - - Streamline the use of the internal mpi and hex debug functions. - + commit e35ed615acc624a8b6c07576ea0650aac2bdb0db - * mpi/mpicoder.c (gcry_mpi_dump): Remove. - (_gcry_log_mpidump): Remove. - * src/misc.c (_gcry_log_printhex): Factor all code out to ... - (do_printhex): new. Add line wrapping a and compact printing. - (_gcry_log_printmpi): New. - * src/mpi.h (log_mpidump): Remove macro. - * src/g10lib.h (log_mpidump): Add compatibility macro. - (log_printmpi): New macro - * src/visibility.c (gcry_mpi_dump): Call _gcry_log_printmpi. - * cipher/primegen.c (prime_generate_internal): Replace gcry_mpi_dump - by log_printmpi. - (gcry_prime_group_generator): Ditto. - * cipher/pubkey.c: Remove extra colons from log_mpidump call. - * cipher/rsa.c (stronger_key_check): Use log_printmpi. - -2013-09-10 Werner Koch - - md: Add function gcry_md_hash_buffers. - + commit f3bca0c77c4979504f95fdbc618f7458e61e3e45 - * src/gcrypt.h.in (gcry_buffer_t): new. - (gcry_md_hash_buffers): New. - * src/visibility.c, src/visibility.h: Add wrapper for new function. - * src/libgcrypt.def, src/libgcrypt.vers: Export new function. 
- * cipher/md.c (gcry_md_hash_buffers): New. - * cipher/sha1.c (_gcry_sha1_hash_buffers): New. - * tests/basic.c (check_one_md_multi): New. - (check_digests): Run that test. - * tests/hmac.c (check_hmac_multi): New. - (main): Run that test. - - md: Fix Whirlpool flaw. - + commit 0a28b2d2c9181a536fc894e24626714832619923 - * cipher/whirlpool.c (whirlpool_add): Remove shortcut return so that - byte counter is always properly updated. - -2013-09-07 Jussi Kivilinna - - Fix static build on AMD64. - + commit 90fdf25f0dcc5feac7195ede55bd15948a11363e - * cipher/rijndael-amd64.S: Correct 'RIP' macro for non-PIC build. - - scrypt: fix for big-endian systems. - + commit 38a038a135d82231eff9d84f1ae3c4a25c6a5e75 - * cipher/scrypt.c (_salsa20_core): Fix endianess issues. - -2013-09-07 Werner Koch - - Use gcc "unused" attribute only with gcc >= 3.5. - + commit f7135e299e659d78906aac3dfdf30f380b5cf9c6 - * src/g10lib.h (GCC_ATTR_UNUSED): Fix gcc version detection. - -2013-09-07 Dmitry Eremin-Solenikov - - Add support for Salsa20/12 - 12 round version of Salsa20. - + commit ae6f6c47d2e0c536f3eab0823b5f23d26956cda2 - * src/gcrypt.h.in (GCRY_CIPHER_SALSA20R12): New. - * src/salsa20.c (salsa20_core, salsa20_do_encrypt_stream): Add support - for reduced round versions. - (salsa20r12_encrypt_stream, _gcry_cipher_spec_salsa20r12): Implement - Salsa20/12 - a 12 round version of Salsa20 selected by eStream. - * src/cipher.h: Declsare Salsa20/12 definition. - * cipher/cipher.c: Register Salsa20/12 - * tests/basic.c: (check_stream_cipher, check_stream_cipher_large_block): - Populate Salsa20/12 tests with test vectors from ecrypt - (check_ciphers): Add simple test for Salsa20/12 - -2013-09-07 Werner Koch - - Add configure option --disable-amd64-as-feature-detection. - + commit 49d5b9dcd622cdc87fb02a211bd51e3d46345bf2 - * configure.ac: Implement new disable flag. - - mpi: Improve support for non-Weierstrass support. 
- + commit 4d8c8c7aa88cddb1624301957e6245405f46d027 - * mpi/ec.c (ec_p_init): Add args MODEL and P. Change all callers. - (_gcry_mpi_ec_p_internal_new): Ditto. - (_gcry_mpi_ec_p_new): Ditto. - * cipher/ecc-curves.c (_gcry_ecc_fill_in_curve): Return - GPG_ERR_UNKNOWN_CURVE instead of invalid value. Init curve model. - * cipher/ecc.c (ecc_verify, ecc_encrypt_raw): Ditto. - * cipher/pubkey.c (sexp_data_to_mpi): Fix EDDSA flag error checking. - - mpi: Add gcry_mpi_ec_curve_point. - + commit ddfefe429660cc5d798f3517208936449247ae5c - * mpi/ec.c (_gcry_mpi_ec_curve_point): New. - (ec_powm): Return the absolute value. - * src/visibility.c, src/visibility.c: Add wrappers. - * src/libgcrypt.def, src/libgcrypt.vers: Export them. - - mpi: Add functions to manipulate the sign. - + commit 1bd2c67aa55b40589654d3fa5dea05cf1ed7dc5f - * src/gcrypt.h.in (gcry_mpi_is_neg): New. - (gcry_mpi_neg, gcry_mpi_abs): New. - * mpi/mpiutil.c (_gcry_mpi_is_neg): New. - (_gcry_mpi_neg, _gcry_mpi_abs): New. - * src/visibility.c, src/visibility.h: Add wrappers. - * src/libgcrypt.def, src/libgcrypt.vers: Export them. - * src/mpi.h (mpi_is_neg): New. Rename old macro to mpi_has_sign. - * mpi/mpi-mod.c (_gcry_mpi_mod_barrett): Use mpi_has_sign. - * mpi/mpi-mpow.c (calc_barrett): Ditto. - * cipher/primegen.c (_gcry_derive_x931_prime): Ditto - * cipher/rsa.c (secret): Ditto. - -2013-09-06 Jussi Kivilinna - - Tune armv6 mpi assembly. - + commit 4e4440153258e2f0dfdcaa8443820af06984ecb1 - * mpi/armv6/mpih-mul1.S: Tune assembly for Cortex-A8. - * mpi/armv6/mpih-mul2.S: Ditto. - * mpi/armv6/mpih-mul3.S: Ditto. - -2013-09-05 Jussi Kivilinna - - Change _gcry_burn_stack take burn depth as unsigned integer. - + commit e0ae31fcce3bd57b24751ff3c82cba820e493c3a - * src/misc.c (_gcry_burn_stack): Change to handle 'unsigned int' bytes. - - mpicalc: fix building on linux and win32. - + commit 50ec983666f0ca9d50c84aa1afad0d7bd5810779 - * src/Makefile.am (mpicalc): Adjust CFLAGS and LDADD. 
- -2013-09-04 Werner Koch - - Change mpicalc to use Libgcrypt and install it. - + commit 1d23040b659661b4086c079cb9fd5f37189a7020 - * src/mpicalc.c: Make use of gcry_ functions. - (MPICALC_VERSION): New. Set to 2.0. - (strusage): Remove. - (scan_mpi): New. Replaces mpi_fromstr. - (print_mpi): New. Replaces mpi_print. - (my_getc): New. - (print_help): New. - (main): Use simple option parser and print version info. - * src/Makefile.am (bin_PROGRAMS): Add mpicalc. - (mpicalc_SOURCES, mpicalc_CFLAGS, mpicalc_LDADD): New. - - Add mpicalc.c to help with testing. - + commit a70c46e29c480fa0f56ab4814666a5b115f84fd7 - * src/mpicalc.c: Take from GnuPG 1.4 - - Prepare support for EdDSA. - + commit c47d4001033f68212d2847b3074a0bdda990342e - * src/cipher.h (PUBKEY_FLAG_EDDSA): New. - * cipher/pubkey.c (pubkey_verify): Repalce args CMP and OPAQUEV by - CTX. Pass flags and hash algo to the verify function. Change all - verify functions to accept these args. - (sexp_data_to_mpi): Implement new flag "eddsa". - (gcry_pk_verify): Pass CTX instead of the compare function to - pubkey_verify. - * cipher/ecc.c (sign): Rename to sign_ecdsa. Change all callers. - (verify): Rename to verify_ecdsa. Change all callers. - (sign_eddsa, verify_eddsa): New stub functions. - (ecc_sign): Divert to sign_ecdsa or sign_eddsa. - (ecc_verify): Divert to verify_ecdsa or verify_eddsa. - - Prepare support for non-Weierstrass EC equations. - + commit c26be7a337d0bf98193bc58e043209e46d0769bb - * src/mpi.h (gcry_mpi_ec_models): New. - * src/ec-context.h (mpi_ec_ctx_s): Add MODEL. - * cipher/ecc-common.h (elliptic_curve_t): Ditto. - * cipher/ecc-curves.c (ecc_domain_parms_t): Ditto. - (domain_parms): Mark als as Weierstrass. - (_gcry_ecc_fill_in_curve): Check model. - (_gcry_ecc_get_curve): Set model to Weierstrass. - * cipher/ecc-misc.c (_gcry_ecc_model2str): New. - * cipher/ecc.c (generate_key, ecc_generate_ext): Print model in the - debug output. 
- - * mpi/ec.c (_gcry_mpi_ec_dup_point): Switch depending on model. - Factor code out to ... - (dup_point_weierstrass): new. - (dup_point_montgomery, dup_point_twistededwards): New stub functions. - (_gcry_mpi_ec_add_points): Switch depending on model. Factor code out - to ... - (add_points_weierstrass): new. - (add_points_montgomery, add_points_twistededwards): New stub - functions. - - * tests/Makefile.am (TESTS): Reorder tests. - - mpi: Suppress newer gcc warnings. - + commit 8698530b2f9ef95542f1dd550961de7af86cc256 - * src/g10lib.h (GCC_ATTR_UNUSED): Define for gcc >= 3.5. - * mpi/mpih-div.c (_gcry_mpih_mod_1, _gcry_mpih_divmod_1): Mark dummy - as unused. - * mpi/mpi-internal.h (UDIV_QRNND_PREINV): Mark _ql as unused. - - Do not check with cpp for typedefed constants. - + commit b28b1f732e1b4f9c62a9de87c22c6bb0d3f8fdb8 - * src/gcrypt-int.h: Include error code replacements depeding on the - version of libgpg-error. - -2013-09-04 Jussi Kivilinna - - Make _gcry_burn_stack use variable length array. - + commit 4b0edf53440239d3bcc95941980c062a0801a149 - * configure.ac (HAVE_VLA): Add check. - * src/misc.c (_gcry_burn_stack) [HAVE_VLA]: Add VLA code. - - Move stack burning from block ciphers to cipher modes. - + commit a3aaa6ad03388ea3eaa24304b604cb864633332f - * src/gcrypt-module.h (gcry_cipher_encrypt_t) - (gcry_cipher_decrypt_t): Return 'unsigned int'. - * cipher/cipher.c (dummy_encrypt_block, dummy_decrypt_block): Return - zero. - (do_ecb_encrypt, do_ecb_decrypt): Get largest stack burn depth from - block cipher crypt function and burn stack at end. - * cipher/cipher-aeswrap.c (_gcry_cipher_aeswrap_encrypt) - (_gcry_cipher_aeswrap_decrypt): Ditto. - * cipher/cipher-cbc.c (_gcry_cipher_cbc_encrypt) - (_gcry_cipher_cbc_decrypt): Ditto. - * cipher/cipher-cfb.c (_gcry_cipher_cfb_encrypt) - (_gcry_cipher_cfb_decrypt): Ditto. - * cipher/cipher-ctr.c (_gcry_cipher_cbc_encrypt): Ditto. 
- * cipher/cipher-ofb.c (_gcry_cipher_ofb_encrypt) - (_gcry_cipher_ofb_decrypt): Ditto. - * cipher/blowfish.c (encrypt_block, decrypt_block): Return burn stack - depth. - * cipher/camellia-glue.c (camellia_encrypt, camellia_decrypt): Ditto. - * cipher/cast5.c (encrypt_block, decrypt_block): Ditto. - * cipher/des.c (do_tripledes_encrypt, do_tripledes_decrypt) - (do_des_encrypt, do_des_decrypt): Ditto. - * cipher/idea.c (idea_encrypt, idea_decrypt): Ditto. - * cipher/rijndael.c (rijndael_encrypt, rijndael_decrypt): Ditto. - * cipher/seed.c (seed_encrypt, seed_decrypt): Ditto. - * cipher/serpent.c (serpent_encrypt, serpent_decrypt): Ditto. - * cipher/twofish.c (twofish_encrypt, twofish_decrypt): Ditto. - * cipher/rfc2268.c (encrypt_block, decrypt_block): New. - (_gcry_cipher_spec_rfc2268_40): Use encrypt_block and decrypt_block. - -2013-09-01 Jussi Kivilinna - - camellia-aesni-avx2-amd64: Move register clearing to assembly functions. - + commit f3515240de9513ead975985c9f8ab714022cac8e - * cipher/camellia-aesni-avx2-amd64.S - (_gcry_camellia_aesni_avx2_ctr_enc): Add 'vzeroall'. - (_gcry_camellia_aesni_avx2_cbc_dec) - (_gcry_camellia_aesni_avx2_cfb_dec): Add 'vzeroupper' at head and - 'vzeroall' at tail. - * cipher/camellia-glue.c (_gcry_serpent_ctr_enc, _gcry_serpent_cbc_dec) - (_gcry_serpent_avx2_cfb_dec) [USE_AESNI_AVX2]: Remove register - clearing. - - camellia-aesni-avx-amd64: Move register clearing to assembly functions. - + commit 8b735cb563dff7aafbf8a970972522b5621e665c - * cipher/camellia-aesni-avx-amd64.S (_gcry_camellia_aesni_avx_ctr_enc) - (_gcry_camellia_aesni_avx_cbc_dec) - (_gcry_camellia_aesni_avx_cfb_dec): Add 'vzeroupper' at head and - 'vzeroall' at tail. - * cipher/camellia-glue.c (_gcry_serpent_ctr_enc, _gcry_serpent_cbc_dec) - (_gcry_serpent_avx2_cfb_dec) [USE_AESNI_AVX]: Remove register clearing. - - serpent-avx2-amd64: Move register clearing to assembly. 
- + commit d12828cd821a4b4428eae19de5aee02cf536e536 - * cipher/serpent-avx2-amd64.S (_gcry_serpent_avx2_ctr_enc) - (_gcry_serpent_avx2_cbc_dec, _gcry_serpent_avx2_cfb_dec): Change last - 'vzeroupper' to 'vzeroall'. - * cipher/serpent.c (_gcry_serpent_ctr_enc, _gcry_serpent_cbc_dec) - (_gcry_serpent_avx2_cfb_dec) [USE_AVX2]: Remove register clearing with - 'vzeroall'. - - Fix building for x32 target. - + commit fd6721c235a5bdcb332c8eb708fbd4f96e52e824 - * mpi/amd64/mpi-asm-defs.h: New file. - * random/rndhw.c (poll_padlock) [__x86_64__]: Also check if __LP64__ is - defined. - [USE_DRNG, __x86_64__]: Also check if __LP64__ is defined. - -2013-08-31 Jussi Kivilinna - - sha512: add ARM/NEON assembly version of transform function. - + commit 99d15543b8d94a8f1ef66c6ccb862b0ce82c514d - * cipher/Makefile.am: Add 'sha512-armv7-neon.S'. - * cipher/sha512-armv7-neon.S: New file. - * cipher/sha512.c (USE_ARM_NEON_ASM): New macro. - (SHA512_CONTEXT) [USE_ARM_NEON_ASM]: Add 'use_neon'. - (sha512_init, sha384_init) [USE_ARM_NEON_ASM]: Enable 'use_neon' if - CPU support NEON instructions. - (k): Round constant array moved outside of 'transform' function. - (__transform): Renamed from 'tranform' function. - [USE_ARM_NEON_ASM] (_gcry_sha512_transform_armv7_neon): New prototype. - (transform): New wrapper function for different transform versions. - (sha512_write, sha512_final): Burn stack by the amount returned by - transform function. - * configure.ac (sha512) [neonsupport]: Add 'sha512-armv7-neon.lo'. - - sha512: reduce stack use in transform function by 512 bytes. - + commit 03da7f8ba3ec24d4639a2bcebbc0d9d831734c08 - * cipher/sha512.c (transform): Change 'u64 w[80]' to 'u64 w[16]' and - inline input expansion to first 64 rounds. - (sha512_write, sha512_final): Reduce burn_stack depth by 512 bytes. - - Add ARM HW feature detection module and add NEON detection. - + commit 9c95be105f518d18407115c2c06893857c24b116 - * configure.ac: Add option --disable-neon-support. 
- (HAVE_GCC_INLINE_ASM_NEON): New. - (ENABLE_NEON_SUPPORT): New. - [arm]: Add 'hwf-arm.lo' as HW feature module. - * src/Makefile.am: Add 'hwf-arm.c'. - * src/g10lib.h (HWF_ARM_NEON): New macro. - * src/global.c (hwflist): Add HWF_ARM_NEON entry. - * src/hwf-arm.c: New file. - * src/hwf-common.h (_gcry_hwf_detect_arm): New prototype. - * src/hwfeatures.c (_gcry_detect_hw_features) [HAVE_CPU_ARCH_ARM]: Add - call to _gcry_hwf_detect_arm. - - Correct mpi_cpu_arch for ARMv6. - + commit 7b0ebe69fe35f2ee13e1e1beb2766a1eaadb7f0c - * mpi/config.links [armv6]: Set mpi_cpu_arch to "arm", instead of - "armv6". - -2013-08-30 Werner Koch - - mpi: Make gcry_mpi_print work with negative zeroes. - + commit e9b711e6ddb480a71d2996465074e436c752c005 - * mpi/mpicoder.c (gcry_mpi_print): Take care of negative zero. - (gcry_mpi_aprint): Allocate at least 1 byte. - * tests/t-convert.c: New. - * tests/Makefile.am (TESTS): Add t-convert. - - Refactor the ECC code into 3 files. - + commit 800d4e01376d52a94a157b53978c7c3f957fc476 - * cipher/ecc-common.h, cipher/ecc-curves.c, cipher/ecc-misc.c: New. - * cipher/Makefile.am (EXTRA_libcipher_la_SOURCES): Add new files. - * configure.ac (GCRYPT_PUBKEY_CIPHERS): Add new .c files. - * cipher/ecc.c (curve_aliases, ecc_domain_parms_t, domain_parms) - (scanval): Move to ecc-curves.c. - (fill_in_curve): Move to ecc-curve.c as _gcry_ecc_fill_in_curve. - (ecc_get_curve): Move to ecc-curve.c as _gcry_ecc_get_curve. - (_gcry_mpi_ec_ec2os): Move to ecc-misc.c. - (ec2os): Move to ecc-misc.c as _gcry_ecc_ec2os. - (os2ec): Move to ecc-misc.c as _gcry_ecc_os2ec. - (point_set): Move as inline function to ecc-common.h. - (_gcry_ecc_curve_free): Move to ecc-misc.c as _gcry_ecc_curve_free. - (_gcry_ecc_curve_copy): Move to ecc-misc.c as _gcry_ecc_curve_copy. - (mpi_from_keyparam, point_from_keyparam): Move to ecc-curves.c. - (_gcry_mpi_ec_new): Move to ecc-curves.c. - (ecc_get_param): Move to ecc-curves.c as _gcry_ecc_get_param. 
- (ecc_get_param_sexp): Move to ecc-curves.c as _gcry_ecc_get_param_sexp. - -2013-08-22 Jussi Kivilinna - - serpent-sse2-amd64: Move register clearing to assembly functions. - + commit 040aa7688296e93659cb32ca31e9a001a6ab1edd - cipher/serpent-sse2-amd64.S (_gcry_serpent_sse2_ctr_enc) - (_gcry_serpent_sse2_cbc_dec, _gcry_serpent_sse2_cfb_dec): Clear used - XMM registers. - cipher/serpent.c (_gcry_serpent_ctr_enc, _gcry_serpent_cbc_dec) - ( _gcry_serpent_cfb_dec) [USE_SSE2]: Remove XMM register clearing from - bulk functions. - - twofish-amd64: do not make __twofish_dec_blk3 global. - + commit 82db04a6a0058cf870485459abe7c1659b138ec5 - * cipher/twofish-amd64.S (__twofish_dec_blk3): Do not export symbol as - global. - (__twofish_dec_blk3): Mark symbol as function. - -2013-08-20 Jussi Kivilinna - - mpi: add ARMv6 assembly. - + commit da327aef3fe24fdf98fffbc8aea69de42ed12456 - * mpi/armv6/mpi-asm-defs.h: New. - * mpi/armv6/mpih-add1.S: New. - * mpi/armv6/mpih-mul1.S: New. - * mpi/armv6/mpih-mul2.S: New. - * mpi/armv6/mpih-mul3.S: New. - * mpi/armv6/mpih-sub1.S: New. - * mpi/config.links [arm]: Enable ARMv6 assembly. - - Move ARMv6 detection to configure.ac. - + commit 151f1e518be2d16bed748ba832384b0472ddcf9b - * cipher/blowfish-armv6.S: Replace __ARM_ARCH >= 6 checks with - HAVE_ARM_ARCH_V6. - * cipher/blowfish.c: Ditto. - * cipher/camellia-armv6.S: Ditto. - * cipher/camellia.h: Ditto. - * cipher/cast5-armv6.S: Ditto. - * cipher/cast5.c: Ditto. - * cipher/rijndael-armv6.S: Ditto. - * cipher/rijndael.c: Ditto. - * configure.ac: Add HAVE_ARM_ARCH_V6 check. - -2013-08-19 Jussi Kivilinna - - Add optimized wipememory for ARM. - + commit c030e33533fb819afe195eff5f89ec39863b1fbc - src/g10lib.h [__arm__] (fast_wipememory2_unaligned_head) - (fast_wipememory2): New macros. - - cipher: bufhelp: allow unaligned memory accesses on ARM. 
- + commit 796dda37b957b20dba391343937c6325a8c8b288 - * cipher/bufhelp.h [__arm__ && __ARM_FEATURE_UNALIGNED]: Enable - BUFHELP_FAST_UNALIGNED_ACCESS. - -2013-08-17 Jussi Kivilinna - - Remove burn_stack optimization. - + commit 79895b9459b9bf8c60cb7abf09d5bf16ed0cf6e3 - * src/misc.c (_gcry_burn_stack): Remove SIZEOF_UNSIGNED_LONG == 4 or 8 - optimization. - -2013-08-16 Jussi Kivilinna - - camellia: add ARMv6 assembly implementation. - + commit cafadc1e4fb97581262b0081ba251e05613d4394 - * cipher/Makefile.am: Add 'camellia-armv6.S'. - * cipher/camellia-armv6.S: New file. - * cipher/camellia-glue.c [USE_ARMV6_ASM] - (_gcry_camellia_armv6_encrypt_block) - (_gcry_camellia_armv6_decrypt_block): New prototypes. - [USE_ARMV6_ASM] (Camellia_EncryptBlock, Camellia_DecryptBlock) - (camellia_encrypt, camellia_decrypt): New functions. - * cipher/camellia.c [!USE_ARMV6_ASM]: Compile encryption and decryption - routines if USE_ARMV6_ASM macro is _not_ defined. - * cipher/camellia.h (USE_ARMV6_ASM): New macro. - [!USE_ARMV6_ASM] (Camellia_EncryptBlock, Camellia_DecryptBlock): If - USE_ARMV6_ASM is defined, disable these function prototypes. - (camellia) [arm]: Add 'camellia-armv6.lo'. - - blowfish: add ARMv6 assembly implementation. - + commit 31e4b1a96a07e9a3698fcb7be0643a136ebb8e5c - * cipher/Makefile.am: Add 'blowfish-armv6.S'. - * cipher/blowfish-armv6.S: New file. - * cipher/blowfish.c (USE_ARMV6_ASM): New macro. - [USE_ARMV6_ASM] (_gcry_blowfish_armv6_do_encrypt) - (_gcry_blowfish_armv6_encrypt_block) - (_gcry_blowfish_armv6_decrypt_block, _gcry_blowfish_armv6_ctr_enc) - (_gcry_blowfish_armv6_cbc_dec, _gcry_blowfish_armv6_cfb_dec): New - prototypes. - [USE_ARMV6_ASM] (do_encrypt, do_encrypt_block, do_decrypt_block) - (encrypt_block, decrypt_block): New functions. - (_gcry_blowfish_ctr_enc) [USE_ARMV6_ASM]: Use ARMv6 assembly function. - (_gcry_blowfish_cbc_dec) [USE_ARMV6_ASM]: Use ARMv6 assembly function. 
- (_gcry_blowfish_cfb_dec) [USE_ARMV6_ASM]: Use ARMv6 assembly function. - * configure.ac (blowfish) [arm]: Add 'blowfish-armv6.lo'. - - cast5: add ARMv6 assembly implementation. - + commit 8d1faf56714598301580ce370e0bfa6d65e73644 - * cipher/Makefile.am: Add 'cast5-armv6.S'. - * cipher/cast5-armv6.S: New file. - * cipher/cast5.c (USE_ARMV6_ASM): New macro. - (CAST5_context) [USE_ARMV6_ASM]: New members 'Kr_arm_enc' and - 'Kr_arm_dec'. - [USE_ARMV6_ASM] (_gcry_cast5_armv6_encrypt_block) - (_gcry_cast5_armv6_decrypt_block, _gcry_cast5_armv6_ctr_enc) - (_gcry_cast5_armv6_cbc_dec, _gcry_cast5_armv6_cfb_dec): New prototypes. - [USE_ARMV6_ASM] (do_encrypt_block, do_decrypt_block, encrypt_block) - (decrypt_block): New functions. - (_gcry_cast5_ctr_enc) [USE_ARMV6_ASM]: Use ARMv6 assembly function. - (_gcry_cast5_cbc_dec) [USE_ARMV6_ASM]: Use ARMv6 assembly function. - (_gcry_cast5_cfb_dec) [USE_ARMV6_ASM]: Use ARMv6 assembly function. - (do_cast_setkey) [USE_ARMV6_ASM]: Initialize 'Kr_arm_enc' and - 'Kr_arm_dec'. - * configure.ac (cast5) [arm]: Add 'cast5-armv6.lo'. - -2013-08-14 Jussi Kivilinna - - rijndael: add ARMv6 assembly implementation. - + commit f365961422f1c8b3d89b8bcd9c99828f38c1f158 - * cipher/Makefile.am: Add 'rijndael-armv6.S'. - * cipher/rijndael-armv6.S: New file. - * cipher/rijndael.c (USE_ARMV6_ASM): New macro. - [USE_ARMV6_ASM] (_gcry_aes_armv6_encrypt_block) - (_gcry_aes_armv6_decrypt_block): New prototypes. - (do_encrypt_aligned) [USE_ARMV6_ASM]: Use ARMv6 assembly function. - (do_encrypt): Disable input/output alignment when USE_ARMV6_ASM. - (do_decrypt_aligned) [USE_ARMV6_ASM]: Use ARMv6 assembly function. - (do_decrypt): Disable input/output alignment when USE_ARMV6_ASM. - * configure.ac (HAVE_COMPATIBLE_GCC_ARM_PLATFORM_AS): New check for - gcc/as compatibility with ARM assembly implementations. - (aes) [arm]: Add 'rijndael-armv6.lo'. - -2013-08-09 NIIBE Yutaka - - cipher: fix memory leak. 
- + commit 2b5bbe264fcd61e5e458e5f71a6507ba0271c729 - * cipher/pubkey.c (gcry_pk_sign): Handle the specific case of ECC, - where there is NULL whichi is not the sentinel. - -2013-08-08 Werner Koch - - mpi: Clear immutable flag on the result of gcry_mpi_set. - + commit 426cbc9feca0c8f46208fb3670adab95f9e46087 - * mpi/mpiutil.c (gcry_mpi_set): Reset immutable and const flags. - * tests/mpitests.c (test_const_and_immutable): Add a test for this. - -2013-08-07 NIIBE Yutaka - - tests: fix memory leaks. - + commit cc082642c1b0f2a3e9ca78e1ffd3f64417c204bd - * tests/benchmark.c (dsa_bench): Release SIG. - - * tests/mpitests.c (test_powm): Release BASE, EXP, MOD, and RES. - - * tests/prime.c (check_primes): Release PRIME. - - * tests/tsexp.c (basic): Use intermediate variable M for constant. - Release S1, S2 and A. - -2013-08-07 Jussi Kivilinna - - Fix building on W32 (cannot export symbol 'gcry_sexp_get_buffer') - + commit 065d446478bf68553339fc77a89b8369bd110a18 - * src/libgcrypt.def: Change 'gcry_sexp_get_buffer' to - 'gcry_sexp_nth_buffer'. - -2013-08-06 NIIBE Yutaka - - cipher: fix another memory leak. - + commit 9a421813123a2f5db0a91eaee4a45138efc9ad34 - * cipher/ecc.c (ecc_get_curve): Free TMP. - - tests: fix memory leaks. - + commit 87eddc31ccba6decbddd1761dd42a208666cd311 - * tests/pubkey.c (check_keys_crypt): Release L, X0, and X1. - (check_keys): Release X. - - cipher: fix memory leaks. - + commit ae6ffd9af38cbcac57c220960f683aab91db85cb - * cipher/elgamal.c (elg_generate_ext): Free XVALUE. - - * cipher/pubkey.c (sexp_elements_extract): Don't use IDX for loop. - Call mpi_free. - (sexp_elements_extract_ecc): Call mpi_free. - -2013-08-05 Werner Koch - - mpi: Improve gcry_mpi_invm to detect bad input. - + commit d8e99a04dba6a606e879464cd11deee760d1e000 - * mpi/mpi-inv.c (gcry_mpi_invm): Return 0 for bad input. - -2013-07-31 Dmitry Eremin-Solenikov - - Correct checks for ecc secret key. 
- + commit 10dfa41b43a906031bc674ea41cd3073701011f3 - * cipher/ecc.c (check_secret_key): replace wrong comparison of Q and - sk->Q points with correct one. - -2013-07-29 Werner Koch - - sexp: Allow white space anywhere in a hex format. - + commit 43320961a8751ee28dc95cdb0ae01ea8a7ff7f91 - * src/sexp.c (hextobyte): Remove. - (hextonibble): New. - (vsexp_sscan): Skip whtespace between hex nibbles. - - Implement deterministic ECDSA as specified by rfc-6979. - + commit 6e0a9786637d649b48aae0e611a12e12beef9b3b - * cipher/ecc.c (sign): Add args FLAGS and HASHALGO. Convert an opaque - MPI as INPUT. Implement rfc-6979. - (ecc_sign): Remove the opaque MPI code and pass FLAGS to sign. - (verify): Do not allocate and compute Y; it is not used. - (ecc_verify): Truncate the hash value if needed. - * tests/dsa-rfc6979.c (check_dsa_rfc6979): Add ECDSA test cases. - -2013-07-26 Werner Koch - - Implement deterministic DSA as specified by rfc-6979. - + commit 1cfa79aabc5d0fd8d124901054475e90ab7d9cde - * cipher/dsa.c (dsa_sign): Move opaque mpi extraction to sign. - (sign): Add args FLAGS and HASHALGO. Implement deterministic DSA. - Add code path for R==0 to comply with the standard. - (dsa_verify): Left fill opaque mpi based hash values. - * cipher/dsa-common.c (int2octets, bits2octets): New. - (_gcry_dsa_gen_rfc6979_k): New. - * tests/dsa-rfc6979.c: New. - * tests/Makefile.am (TESTS): Add dsa-rfc6979. - - Allow the use of a private-key s-expression with gcry_pk_verify. - + commit b72d312ad11887fc416aa821786f6bdb663c0f4a - * cipher/pubkey.c (sexp_to_key): Fallback to private key. - -2013-07-25 Werner Koch - - Mitigate a flush+reload cache attack on RSA secret exponents. - + commit 287bf0e543f244d784cf8b58340bf0ab3c6aba97 - * mpi/mpi-pow.c (gcry_mpi_powm): Always perfrom the mpi_mul for - exponents in secure memory. - -2013-07-19 Werner Koch - - pk: Allow the use of a hash element for DSA sign and verify. 
- + commit 37d0a1ebdc2dc74df4fb6bf0621045018122a68f - * cipher/pubkey.c (pubkey_sign): Add arg ctx and pass it to the sign - module. - (gcry_pk_sign): Pass CTX to pubkey_sign. - (sexp_data_to_mpi): Add flag rfc6979 and code to alls hash with *DSA - * cipher/rsa.c (rsa_sign, rsa_verify): Return an error if an opaque - MPI is given for DATA/HASH. - * cipher/elgamal.c (elg_sign, elg_verify): Ditto. - * cipher/dsa.c (dsa_sign, dsa_verify): Convert a given opaque MPI. - * cipher/ecc.c (ecc_sign, ecc_verify): Ditto. - * tests/basic.c (check_pubkey_sign_ecdsa): Add a test for using a hash - element with DSA. - - sexp: Add function gcry_sexp_nth_buffer. - + commit 2d3e8d4d9562d666420aadd9ffa8ac0456a1cd91 - * src/sexp.c (gcry_sexp_nth_buffer): New. - * src/visibility.c, src/visibility.h: Add function wrapper. - * src/libgcrypt.vers, src/libgcrypt.def: Add to API. - * src/gcrypt.h.in: Add prototype. - -2013-07-18 Werner Koch - - Add support for Salsa20. - + commit c4885092088431e7928e4459fda20cc0e8ceb201 - * src/gcrypt.h.in (GCRY_CIPHER_SALSA20): New. - * cipher/salsa20.c: New. - * configure.ac (available_ciphers): Add Salsa20. - * cipher/cipher.c: Register Salsa20. - (cipher_setiv): Allow to divert an IV to a cipher module. - * src/cipher-proto.h (cipher_setiv_func_t): New. - (cipher_extra_spec): Add field setiv. - * src/cipher.h: Declare Salsa20 definitions. - * tests/basic.c (check_stream_cipher): New. - (check_stream_cipher_large_block): New. - (check_cipher_modes): Run new test functions. - (check_ciphers): Add simple test for Salsa20. - -2013-07-17 Werner Koch - - Allow gcry_mpi_dump to print opaque MPIs. - + commit 364d019e3ffedfcb434576702f73e767cb9389ef - * mpi/mpicoder.c (gcry_mpi_dump): Detect abd print opaque MPIs. - * tests/mpitests.c (test_opaque): New. - (main): Call new test. - - cipher: Prepare to pass extra info to the sign functions. - + commit 5940e66cbefea3de5924f494f18aed69bb694bff - * src/gcrypt-module.h (gcry_pk_sign_t): Add parms flags and hashalgo. 
- * cipher/rsa.c (rsa_sign): Add parms and mark them as unused. - * cipher/dsa.c (dsa_sign): Ditto. - * cipher/elgamal.c (elg_sign): Ditto. - * cipher/pubkey.c (dummy_sign): Ditto. - (pubkey_sign): Pass 0 for the new args. - - Fix a special case bug in mpi_powm for e==0. - + commit 6e1adb05d290aeeb1c230c763970695f4a538526 - * mpi/mpi-pow.c (gcry_mpi_powm): For a zero exponent, make sure that - the result has been allocated. - -2013-07-15 Dmitry Eremin-Solenikov - - Fix memory leak in t-mpi-point test. - + commit a7b80e9fba6b1b095f7c53469747967b40ebfbfd - * tests/t-mpi-point.c (basic_ec_math, basic_ec_math_simplified): add - calls to gcry_ctx_release() to free contexts after they become unused. - -2013-07-10 Jussi Kivilinna - - Fix 'Please include winsock2.h before windows.h' warnings with mingw32. - + commit d6c9c86cb7f571ae0bd9aee4efa01a0f9c4c3104 - * random/rndw32.c: include winsock2.h before windows.h. - * src/ath.h [_WIN32]: Ditto. - * tests/benchmark.c [_WIN32]: Ditto. - - Remove duplicate header from mpi/amd64/mpih-mul2.S. - + commit c64a0dcbefc5b0055954e37a3c86b32ff7a1b1da - * mpi/amd64/mpih-mul2.S: remove duplicated header. - - Fix i386/amd64 inline assembly "cc" clobbers. - + commit ed0a598172208ec67234a4edd73189bf6808fd04 - * cipher/bithelp.h [__GNUC__, __i386__] (rol, ror): add "cc" globber - for inline assembly. - * cipher/cast5.c [__GNUC__, __i386__] (rol): Ditto. - * random/rndhw.c [USE_DRNG] (rdrand_long): Ditto. - * src/hmac256.c [__GNUC__, __i386__] (ror): Ditto. - * mpi/longlong.c [__i386__] (add_ssaaaa, sub_ddmmss, umul_ppmm) - (udiv_qrnnd, count_leading_zeros, count_trailing_zeros): Ditto. - - bufhelp: Suppress 'cast increases required alignment' warning. - + commit c3902a6b5cea9acef2e15fbee24eb601eeb25168 - * cipher/bufhelp.h (buf_xor, buf_xor_2dst, buf_xor_n_copy): Cast - to larger element pointer through (void *) to suppress -Wcast-error. - - mpi: Add __ARM_ARCH for older GCC. 
- + commit 97f392f43cf2e4da1297cbecacbfbff33a869478 - * mpi/longlong.h [__arm__]: Construct __ARM_ARCH if not provided by - compiler. - - mpi: add missing "cc" clobber for ARM assembly. - + commit 8aa4f2161cf643ce36d87d2e2786b546736f8232 - * mpi/longlong.h [__arm__] (add_ssaaaa, sub_ddmmss): Add __CLOBBER_CC. - [__arm__][__ARM_ARCH <= 3] (umul_ppmm): Ditto. - - Tweak ARM inline assembly for mpi. - + commit 71dda4507053379433dc8b0fc6462c15de7299df - mpi/longlong.h [__arm__]: Enable inline assembly if __thumb2__ is - defined. - [__arm__]: Use __ARCH_ARM when defined. - [__arm__] [__ARM_ARCH >= 5] (count_leading_zeros): New. - -2013-06-26 Werner Koch - - Make gpg-error replacement defines more robust. - + commit 6540b84a6e9113813e7e49e3ad2024d4a0073300 - * configure.ac (AH_BOTTOM): Move GPG_ERR_ replacement defines to ... - * src/gcrypt-int.h: new file. - * src/visibility.h, src/cipher.h: Replace gcrypt.h by gcrypt-int.h. - * tests/: Ditto for all test files. - -2013-06-20 Jussi Kivilinna - - Check if assembler is compatible with AMD64 assembly implementations. - + commit 3544fa8aa63bef9a35abf236e9376191b5ec206b - * cipher/blowfish-amd64.S: Enable only if - HAVE_COMPATIBLE_GCC_AMD64_PLATFORM_AS is defined. - * cipher/camellia-aesni-avx-amd64.S: Ditto. - * cipher/camellia-aesni-avx2-amd64.S: Ditto. - * cipher/cast5-amd64.S: Ditto. - * cipher/rinjdael-amd64.S: Ditto. - * cipher/serpent-avx2-amd64.S: Ditto. - * cipher/serpent-sse2-amd64.S: Ditto. - * cipher/twofish-amd64.S: Ditto. - * cipher/blowfish.c: Use AMD64 assembly implementation only if - HAVE_COMPATIBLE_GCC_AMD64_PLATFORM_AS is defined - * cipher/camellia-glue.c: Ditto. - * cipher/cast5.c: Ditto. - * cipher/rijndael.c: Ditto. - * cipher/serpent.c: Ditto. - * cipher/twofish.c: Ditto. - * configure.ac: Check gcc/as compatibility with AMD64 assembly - implementations. - -2013-06-09 Jussi Kivilinna - - Optimize _gcry_burn_stack for 32-bit and 64-bit architectures. 
- + commit ec2f8de409a93c80efa658134df22074a9bca5a4 - * src/misc.c (_gcry_burn_stack): Add optimization for 32-bit and 64-bit - architectures. - - Add Camellia AES-NI/AVX2 implementation. - + commit d94ec5f5f8a5d40a7d344025aa466f276f9718df - * cipher/Makefile.am: Add 'camellia-aesni-avx2-amd64.S'. - * cipher/camellia-aesni-avx2-amd64.S: New file. - * cipher/camellia-glue.c (USE_AESNI_AVX2): New macro. - (CAMELLIA_context) [USE_AESNI_AVX2]: Add 'use_aesni_avx2'. - [USE_AESNI_AVX2] (_gcry_camellia_aesni_avx2_ctr_enc) - (_gcry_camellia_aesni_avx2_cbc_dec) - (_gcry_camellia_aesni_avx2_cfb_dec): New prototypes. - (camellia_setkey) [USE_AESNI_AVX2]: Check AVX2+AES-NI capable hardware - and set 'ctx->use_aesni_avx2'. - (_gcry_camellia_ctr_enc) [USE_AESNI_AVX2]: Add AVX2 accelerated code. - (_gcry_camellia_cbc_dec) [USE_AESNI_AVX2]: Add AVX2 accelerated code. - (_gcry_camellia_cfb_dec) [USE_AESNI_AVX2]: Add AVX2 accelerated code. - (selftest_ctr_128, selftest_cbc_128, selftest_cfb_128): Grow 'nblocks' - so that AVX2 codepaths get tested. - * configure.ac (camellia) [avx2support, aesnisupport]: Add - 'camellia-aesni-avx2-amd64.lo'. - - Add Serpent AVX2 implementation. - + commit e7ab4e1a7396f4609b9033207015b239ab4a5140 - * cipher/Makefile.am: Add 'serpent-avx2-amd64.S'. - * cipher/serpent-avx2-amd64.S: New file. - * cipher/serpent.c (USE_AVX2): New macro. - (serpent_context_t) [USE_AVX2]: Add 'use_avx2'. - [USE_AVX2] (_gcry_serpent_avx2_ctr_enc, _gcry_serpent_avx2_cbc_dec) - (_gcry_serpent_avx2_cfb_dec): New prototypes. - (serpent_setkey_internal) [USE_AVX2]: Check for AVX2 capable hardware - and set 'use_avx2'. - (_gcry_serpent_ctr_enc) [USE_AVX2]: Use AVX2 accelerated functions. - (_gcry_serpent_cbc_dec) [USE_AVX2]: Use AVX2 accelerated functions. - (_gcry_serpent_cfb_dec) [USE_AVX2]: Use AVX2 accelerated functions. - (selftest_ctr_128, selftest_cbc_128, selftest_cfb_128): Grow 'nblocks' - so that AVX2 codepaths are tested. 
- * configure.ac (serpent) [avx2support]: Add 'serpent-avx2-amd64.lo'. - - Add detection for Intel AVX2 instruction set. - + commit 3289bca708bdd02c69a331095ac6ca9a1efd74cc - * configure.ac: Add option --disable-avx2-support. - (HAVE_GCC_INLINE_ASM_AVX2): New. - (ENABLE_AVX2_SUPPORT): New. - * src/g10lib.h (HWF_INTEL_AVX2): New. - * src/global.c (hwflist): Add HWF_INTEL_AVX2. - * src/hwf-x86.c [__i386__] (get_cpuid): Initialize registers to zero - before cpuid. - [__x86_64__] (get_cpuid): Initialize registers to zero before cpuid. - (detect_x86_gnuc): Store maximum cpuid level. - (detect_x86_gnuc) [ENABLE_AVX2_SUPPORT]: Add detection for AVX2. - - twofish: add amd64 assembly implementation. - + commit d325ab5d86e6107a46007a4d0131122bbd719f8c - * cipher/Makefile.am: Add 'twofish-amd64.S'. - * cipher/twofish-amd64.S: New file. - * cipher/twofish.c (USE_AMD64_ASM): New macro. - [USE_AMD64_ASM] (_gcry_twofish_amd64_encrypt_block) - (_gcry_twofish_amd64_decrypt_block, _gcry_twofish_amd64_ctr_enc) - (_gcry_twofish_amd64_cbc_dec, _gcry_twofish_amd64_cfb_dec): New - prototypes. - [USE_AMD64_ASM] (do_twofish_encrypt, do_twofish_decrypt) - (twofish_encrypt, twofish_decrypt): New functions. - (_gcry_twofish_ctr_enc, _gcry_twofish_cbc_dec, _gcry_twofish_cfb_dec) - (selftest_ctr, selftest_cbc, selftest_cfb): New functions. - (selftest): Call new bulk selftests. - * cipher/cipher.c (gcry_cipher_open) [USE_TWOFISH]: Register Twofish - bulk functions for ctr-enc, cbc-dec and cfb-dec. - * configure.ac (twofish) [x86_64]: Add 'twofish-amd64.lo'. - * src/cipher.h (_gcry_twofish_ctr_enc, _gcry_twofish_cbc_dec) - (gcry_twofish_cfb_dec): New prototypes. - -2013-05-29 Jussi Kivilinna - - rinjdael: add amd64 assembly implementation. - + commit 7317fcfadf00789df140e51c0d16b60f6b144b59 - * cipher/Makefile.am: Add 'rijndael-amd64.S'. - * cipher/rijndael-amd64.S: New file. - * cipher/rijndael.c (USE_AMD64_ASM): New macro. 
- [USE_AMD64_ASM] (_gcry_aes_amd64_encrypt_block) - (_gcry_aes_amd64_decrypt_block): New prototypes. - (do_encrypt_aligned) [USE_AMD64_ASM]: Use amd64 assembly function. - (do_encrypt): Disable input/output alignment when USE_AMD64_ASM is set. - (do_decrypt_aligned) [USE_AMD64_ASM]: Use amd64 assembly function. - (do_decrypt): Disable input/output alignment when USE_AMD64_AES is set. - * configure.ac (aes) [x86-64]: Add 'rijndael-amd64.lo'. - - blowfish: add amd64 assembly implementation. - + commit 9a61edd1f00cefe8ffa3ad54a53eed163883053c - * cipher/Makefile.am: Add 'blowfish-amd64.S'. - * cipher/blowfish-amd64.S: New file. - * cipher/blowfish.c (USE_AMD64_ASM): New macro. - [USE_AMD64_ASM] (_gcry_blowfish_amd64_do_encrypt) - (_gcry_blowfish_amd64_encrypt_block) - (_gcry_blowfish_amd64_decrypt_block, _gcry_blowfish_amd64_ctr_enc) - (_gcry_blowfish_amd64_cbc_dec, _gcry_blowfish_amd64_cfb_dec): New - prototypes. - [USE_AMD64_ASM] (do_encrypt, do_encrypt_block, do_decrypt_block) - (encrypt_block, decrypt_block): New functions. - (_gcry_blowfish_ctr_enc, _gcry_blowfish_cbc_dec) - (_gcry_blowfish_cfb_dec, selftest_ctr, selftest_cbc, selftest_cfb): New - functions. - (selftest): Call new bulk selftests. - * cipher/cipher.c (gcry_cipher_open) [USE_BLOWFISH]: Register Blowfish - bulk functions for ctr-enc, cbc-dec and cfb-dec. - * configure.ac (blowfish) [x86_64]: Add 'blowfish-amd64.lo'. - * src/cipher.h (_gcry_blowfish_ctr_enc, _gcry_blowfish_cbc_dec) - (gcry_blowfish_cfb_dec): New prototypes. - -2013-05-24 Werner Koch - - ecc: Simplify the compliant point generation. - + commit 99b18aa536703ef90c9a1f5c8f40bc68b2064593 - * cipher/ecc.c (generate_key): Use point_snatch_set, replaces unneeded - variable copies, etc. - - ecc: Fix a minor flaw in the generation of K. - + commit 9711384f75564a71979e3fb971b5f4cadcf1afef - * cipher/dsa.c (gen_k): Factor code out to .. - * cipher/dsa-common.c (_gcry_dsa_gen_k): new file and function. 
Add - arg security_level and re-indent a bit. - * cipher/ecc.c (gen_k): Remove and change callers to _gcry_dsa_gen_k. - * cipher/dsa.c: Include pubkey-internal. - * cipher/Makefile.am (libcipher_la_SOURCES): Add dsa-common.c - -2013-05-24 Jussi Kivilinna - - cast5: add amd64 assembly implementation. - + commit 0bdf26eea8cdbffefe7e37578f8f896c4f5f5275 - * cipher/Makefile.am: Add 'cast5-amd64.S'. - * cipher/cast5-amd64.S: New file. - * cipher/cast5.c (USE_AMD64_ASM): New macro. - (_gcry_cast5_s1tos4): Merge arrays s1, s2, s3, s4 to single array to - simplify access from assembly implementation. - (s1, s2, s3, s4): New macros pointing to subarrays in - _gcry_cast5_s1tos4. - [USE_AMD64_ASM] (_gcry_cast5_amd64_encrypt_block) - (_gcry_cast5_amd64_decrypt_block, _gcry_cast5_amd64_ctr_enc) - (_gcry_cast5_amd64_cbc_dec, _gcry_cast5_amd64_cfb_dec): New prototypes. - [USE_AMD64_ASM] (do_encrypt_block, do_decrypt_block, encrypt_block) - (decrypt_block): New functions. - (_gcry_cast5_ctr_enc, _gcry_cast5_cbc_dec, _gcry_cast5_cfb_dec) - (selftest_ctr, selftest_cbc, selftest_cfb): New functions. - (selftest): Call new bulk selftests. - * cipher/cipher.c (gcry_cipher_open) [USE_CAST5]: Register CAST5 bulk - functions for ctr-enc, cbc-dec and cfb-dec. - * configure.ac (cast5) [x86_64]: Add 'cast5-amd64.lo'. - * src/cipher.h (_gcry_cast5_ctr_enc, _gcry_cast5_cbc_dec) - (gcry_cast5_cfb_dec): New prototypes. - - cipher-selftest: make selftest work with any block-size. - + commit ab8fc70b5f0c396a5bc941267f59166e860b8c5d - * cipher/cipher-selftest.c (_gcry_selftest_helper_cbc_128) - (_gcry_selftest_helper_cfb_128, _gcry_selftest_helper_ctr_128): Renamed - functions from '_128' to ''. - (_gcry_selftest_helper_cbc, _gcry_selftest_helper_cfb) - (_gcry_selftest_helper_ctr): Make work with different block sizes. - * cipher/cipher-selftest.h (_gcry_selftest_helper_cbc_128) - (_gcry_selftest_helper_cfb_128, _gcry_selftest_helper_ctr_128): Renamed - prototypes from '_128' to ''. 
- * cipher/camellia-glue.c (selftest_ctr_128, selftest_cfb_128) - (selftest_ctr_128): Change to use new function names. - * cipher/rijndael.c (selftest_ctr_128, selftest_cfb_128) - (selftest_ctr_128): Change to use new function names. - * cipher/serpent.c (selftest_ctr_128, selftest_cfb_128) - (selftest_ctr_128): Change to use new function names. - -2013-05-23 Jussi Kivilinna - - serpent: add parallel processing for CFB decryption. - + commit 6deb0ccdf718a0670f80e6762a3842caf76437d6 - * cipher/cipher.c (gcry_cipher_open): Add bulf CFB decryption function - for Serpent. - * cipher/serpent-sse2-amd64.S (_gcry_serpent_sse2_cfb_dec): New - function. - * cipher/serpent.c (_gcry_serpent_sse2_cfb_dec): New prototype. - (_gcry_serpent_cfb_dec) New function. - (selftest_cfb_128) New function. - (selftest) Call selftest_cfb_128. - * src/cipher.h (_gcry_serpent_cfb_dec): New prototype. - - camellia: add parallel processing for CFB decryption. - + commit b60f06f70227c1e69e1010da8b47ea51ade48145 - * cipher/camellia-aesni-avx-amd64.S - (_gcry_camellia_aesni_avx_cfb_dec): New function. - * cipher/camellia-glue.c (_gcry_camellia_aesni_avx_cfb_dec): New - prototype. - (_gcry_camellia_cfb_dec): New function. - (selftest_cfb_128): New function. - (selftest): Call selftest_cfb_128. - * cipher/cipher.c (gry_cipher_open): Add bulk CFB decryption function - for Camellia. - * src/cipher.h (_gcry_camellia_cfb_dec): New prototype. - - rinjdael: add parallel processing for CFB decryption with AES-NI. - + commit 319ee14f2aab8db56a830fd7ac8926f91b4f738a - * cipher/cipher-selftest.c (_gcry_selftest_helper_cfb_128): New - function for CFB selftests. - * cipher/cipher-selftest.h (_gcry_selftest_helper_cfb_128): New - prototype. - * cipher/rijndael.c [USE_AESNI] (do_aesni_enc_vec4): New function. - (_gcry_aes_cfb_dec) [USE_AESNI]: Add parallelized CFB decryption. - (selftest_cfb_128): New function. - (selftest): Call selftest_cfb_128. 
- -2013-05-23 Werner Koch - - Avoid compiler warning due to the global symbol setkey. - + commit b402de8b9c4a9f269faf03ca952b1eb68a1f33c8 - * cipher/cipher-selftest.c (_gcry_selftest_helper_cbc_128) - (_gcry_selftest_helper_ctr_128): Rename setkey to setkey_func. - -2013-05-23 Jussi Kivilinna - - serpent: add SSE2 accelerated amd64 implementation. - + commit 2fd06e207dcea1d8a7f0e7e92f3359615a99421b - * configure.ac (serpent): Add 'serpent-sse2-amd64.lo'. - * cipher/Makefile.am (EXTRA_libcipher_la_SOURCES): Add - 'serpent-sse2-amd64.S'. - * cipher/cipher.c (gcry_cipher_open) [USE_SERPENT]: Register bulk - functions for CBC-decryption and CTR-mode. - * cipher/serpent.c (USE_SSE2): New macro. - [USE_SSE2] (_gcry_serpent_sse2_ctr_enc, _gcry_serpent_sse2_cbc_dec): - New prototypes to assembler functions. - (serpent_setkey): Set 'serpent_init_done' before calling serpent_test. - (_gcry_serpent_ctr_enc): New function. - (_gcry_serpent_cbc_dec): New function. - (selftest_ctr_128): New function. - (selftest_cbc_128): New function. - (selftest): Call selftest_ctr_128 and selftest_cbc_128. - * cipher/serpent-sse2-amd64.S: New file. - * src/cipher.h (_gcry_serpent_ctr_enc): New prototype. - (_gcry_serpent_cbc_dec): New prototype. - - Serpent: faster S-box implementation. - + commit c85501af8222913f0a1e20e77fceb88e93417925 - * cipher/serpent.c (SBOX0, SBOX1, SBOX2, SBOX3, SBOX4, SBOX5, SBOX6) - (SBOX7, SBOX0_INVERSE, SBOX1_INVERSE, SBOX2_INVERSE, SBOX3_INVERSE) - (SBOX4_INVERSE, SBOX5_INVERSE, SBOX6_INVERSE, SBOX7_INVERSE): Replace - with new definitions. - -2013-05-22 Werner Koch - - w32: Fix installing of .def file. - + commit 4e46d8bc78008ba06f106b368cefb0dddf15fe38 - * src/Makefile.am (install-def-file): Create libdir first. - - Add control commands to disable mlock and setuid dropping. - + commit 2b8014af202c9e0f7619f7a4377f5eb752235220 - * src/gcrypt.h.in (GCRYCTL_DISABLE_LOCKED_SECMEM): New. - (GCRYCTL_DISABLE_PRIV_DROP): New. 
- * src/global.c (_gcry_vcontrol): Implement them. - * src/secmem.h (GCRY_SECMEM_FLAG_NO_MLOCK): New. - (GCRY_SECMEM_FLAG_NO_PRIV_DROP): New. - * src/secmem.c (no_mlock, no_priv_drop): New. - (_gcry_secmem_set_flags, _gcry_secmem_get_flags): Set and get them. - (lock_pool): Handle no_mlock and no_priv_drop. - - Fix libtool 2.4.2 to correctly detect .def files. - + commit 05b3e2dda61d3d532a7f1ffd2487a85ed1c4f3ab - * ltmain.sh (sed_uncomment_deffile): New. - (orig_export_symbols): Uncomment def file before testing for EXPORTS. - * m4/libtool.m4: Do the same for the generated code. - -2013-05-22 Jussi Kivilinna - - Add AES bulk CBC decryption selftest. - + commit b65281a1b76d7898eb7607932246b78277d8570b - * cipher/rinjdael.c (selftest_cbc_128): New. - (selftest): Call selftest_cbc_128. - - Change AES bulk CTR encryption selftest use new selftest helper function - + commit 3637bdbb5f30a5e06745d448a6a8ad00e5cdd740 - * cipher/rinjdael.c: (selftest_ctr_128): Change to use new selftest - helper function. - - Convert bulk CTR and CBC selftest functions in Camellia to generic selftest helper functions - + commit eed4042fa028b3f73bad6a768f5b0a82f642e545 - * cipher/Makefile.am (libcipher_la_SOURCES): Add cipher-selftest files. - * cipher/camellia-glue.c (selftest_ctr_128, selftest_cbc_128): Change - to use the new selftest helper functions. - * cipher/cipher-selftest.c: New. - * cipher/cipher-selftest.h: New. - - camellia: add bulk CBC decryption selftest. - + commit f2986f03d1ae59f973bae56ce4333e5457003de5 - * cipher/camellia-glue.c: (selftest_cbc_128): New selftest function for - bulk CBC decryption. - (selftest): Add call to selftest_cbc_128. - - camellia: Rename camellia_aesni_avx_x86-64.S to camellia-aesni-avx-amd64.S - + commit 194ae35da7830a76b96e9b21121a2e1248762d3f - * cipher/camellia_aesni_avx_x86-64.S: Remove. - * cipher/camellia-aesni-avx-amd64.S: New. - * cipher/Makefile.am: Use the new filename. - * configure.ac: Use the new filename. 
- -2013-05-21 Werner Koch - - Fix indentation and save on string space. - + commit 2ac3a7c2b7154379738d17cfde8cd9017dc142f0 - * cipher/ecc.c (generate_key): Use the same string for both fatal - messages. - -2013-05-20 Andrey - - cipher: Fix segv in last ECC change. - + commit eb4937914db3fb7317502e97e4f0e40c1857f59d - * cipher/ecc.c (generate_key): Make sure R is initialized. - -2013-05-09 Andrey - - cipher: Generate compliant ECC keys. - + commit 296f38a2bd2e25788643a42e4881faed00884a40 - * cipher/ecc.c (generate_key): Make sure a key is compliant for - using the compact representation. - -2013-04-18 Werner Koch - - cipher: Fix regression in Padlock support. - + commit 6c942ec4d63032539f1fc56c3b970cfec2369e2b - * cipher/rijndael.c (do_setkey): Remove dummy padlock key generation case - and use the standard one. - - mpi: Yet another fix to get option flag munging right. - + commit 03557687a09b9c8878c77cbfdd0f5049940c72da - * cipher/Makefile.am (o_flag_munging): Yet another fix. - - mpi: Make using gcc's -Ofast easier. - + commit 1ab26bc304c559b0a8d29823d656f7ad8d10a59d - * cipher/Makefile.am (o_flag_munging): Take -Ofast in account. - - Fix alignment problem in idea.c. - + commit 3271b0dfda67e26c381d7ed667737f08f865ee40 - * cipher/idea.c (cipher): Rework parameter use to fix alignment - problems. - - * cipher/idea.c (FNCCAST_SETKEY, FNCCAST_CRYPT): Remove unused macros. - - Fix alignment problem in idea.c. - - * cipher/idea.c (cipher): Rework parameter use to fix alignment - problems. - - * cipher/idea.c (FNCCAST_SETKEY, FNCCAST_CRYPT): Remove unused macros. - - - (cherry picked from 4cd279556777e02eda79973f68efaa4b741f9175) - -2013-04-18 Vladimir Serbinenko - - Add some const attributes. - + commit ff0b94c22b36600fff1db9f1d48f9de61f9038f7 - * cipher/md4.c (transform): Add const attribute. - * cipher/md5.c (transform): Ditto. - * cipher/rmd160.c (transform): Ditto. - - Fix alignment problem in serpent.c. 
- + commit 86e72b490a5790a9c23341067c7e4d3e38be1634 - * cipher/serpent.c (serpent_key_prepare): Fix misaligned access. - (serpent_setkey): Likewise. - (serpent_encrypt_internal): Likewise. - (serpent_decrypt_internal): Likewise. - (serpent_encrypt): Don't put an alignment-increasing cast. - (serpent_decrypt): Likewise. - (serpent_test): Likewise. - -2013-04-16 Werner Koch - - Fix multiply by zero in gcry_mpi_ec_mul. - + commit 78cd0ba8a8eceee9d0b3397a2ab3bda6ba37c8a4 - * mpi/ec.c (_gcry_mpi_ec_mul_point): Handle case of SCALAR == 0. - * tests/t-mpi-point.c (basic_ec_math): Add a test case for this. - -2013-04-15 Werner Koch - - Add macros to return pre-defined MPIs. - + commit bd3afc27459a44df8cf501a7e1ae37bb849a8b0e - * src/gcrypt.h.in (GCRYMPI_CONST_ONE, GCRYMPI_CONST_TWO) - (GCRYMPI_CONST_THREE, GCRYMPI_CONST_FOUR, GCRYMPI_CONST_EIGHT): New. - (_gcry_mpi_get_const): New private function. - * src/visibility.c (_gcry_mpi_get_const): New. - * src/visibility.h: Mark it visible. - - Fix addition of EC points. - + commit 71b25a5562f68aad81eae52cc1bab9ca7731a7e9 - * mpi/ec.c (_gcry_mpi_ec_add_points): Fix case of P1 given in affine - coordinates. - -2013-04-12 Werner Koch - - Add hack to allow using an "ecc" key for "ecdsa" or "ecdh". - + commit af8a79aea80217a0c85a592db1fa001792a6bf0f - * cipher/pubkey.c (sexp_to_key): Add optional arg USE. - (gcry_pk_encrypt, gcry_pk_decrypt): Call sexp_to_key with usage sign. - (gcry_pk_sign, gcry_pk_verify): Call sexp_to_key with usage encrypt. - * tests/basic.c (show_sexp): New. - (check_pubkey_sign): Print test number and add cases for ecc. - (check_pubkey_sign_ecdsa): New. - (do_check_one_pubkey): Divert to new function. - -2013-04-11 Werner Koch - - Add gcry_pubkey_get_sexp. - + commit 1f3cfad66456dd6f2e48f20b8eb0c51343449a1c - * src/gcrypt.h.in (GCRY_PK_GET_PUBKEY): New. - (GCRY_PK_GET_SECKEY): New. - (gcry_pubkey_get_sexp): New. - * src/visibility.c (gcry_pubkey_get_sexp): New. 
- * src/visibility.h (gcry_pubkey_get_sexp): Mark visible. - * src/libgcrypt.def, src/libgcrypt.vers: Add new function. - * cipher/pubkey-internal.h: New. - * cipher/Makefile.am (libcipher_la_SOURCES): Add new file. - * cipher/ecc.c: Include pubkey-internal.h - (_gcry_pk_ecc_get_sexp): New. - * cipher/pubkey.c: Include pubkey-internal.h and context.h. - (_gcry_pubkey_get_sexp): New. - * src/context.c (_gcry_ctx_find_pointer): New. - * src/cipher-proto.h: Add _gcry_pubkey_get_sexp. - * tests/t-mpi-point.c (print_sexp): New. - (context_param, basic_ec_math_simplified): Add tests for the new - function. - - * configure.ac (NEED_GPG_ERROR_VERSION): Set to 1.11. - (AH_BOTTOM) Add error codes from gpg-error 1.12 - * src/g10lib.h (fips_not_operational): Use GPG_ERR_NOT_OPERATIONAL. - - * mpi/ec.c (_gcry_mpi_ec_get_mpi): Fix computation of Q. - (_gcry_mpi_ec_get_point): Ditto. - - Remove unused code. - + commit 7524da2ba83d83a766c22d704006380c893e1c49 - * cipher/pubkey.c (_gcry_pk_module_lookup, _gcry_pk_module_release) - (_gcry_pk_get_elements): Remove. - -2013-04-05 Werner Koch - - Make the Q parameter optional for ECC signing. - + commit fe91a642c7c257aca095b96406fbcace88fa3df4 - * cipher/ecc.c (ecc_sign): Remove the need for Q. - * cipher/pubkey.c (sexp_elements_extract_ecc): Make Q optional for a - private key. - (sexp_to_key): Add optional arg R_IS_ECC. - (gcry_pk_sign): Do not call gcry_pk_get_nbits for ECC keys. - * tests/pubkey.c (die): Make sure to print a LF. - (check_ecc_sample_key): New. - (main): Call new test. - - Add test case for SCRYPT and rework the code. - + commit f23a068bcb6ec9788710698578d8be0a2a006dbc - * tests/t-kdf.c (check_scrypt): New. - (main): Call new test. - - * configure.ac: Support disabling of the scrypt algorithm. Make KDF - enabling similar to the other algorithm classes. Disable scrypt if we - don't have a 64 bit type. - * cipher/memxor.c, cipher/memxor.h: Remove. - * cipher/scrypt.h: Remove. - * cipher/kdf-internal.h: New. 
- * cipher/Makefile.am: Remove files. Add new file. Move scrypt.c to - EXTRA_libcipher_la_SOURCES. - (GCRYPT_MODULES): Add GCRYPT_KDFS. - * src/gcrypt.h.in (GCRY_KDF_SCRYPT): Change value. - * cipher/kdf.c (pkdf2): Rename to _gcry_kdf_pkdf2. - (_gcry_kdf_pkdf2): Don't bail out for SALTLEN==0. - (gcry_kdf_derive): Allow for a passwordlen of zero for scrypt. Check - for SALTLEN > 0 for GCRY_KDF_PBKDF2. Pass algo to _gcry_kdf_scrypt. - (gcry_kdf_derive) [!USE_SCRYPT]: Return an error. - * cipher/scrypt.c: Replace memxor.h by bufhelp.h. Replace scrypt.h by - kdf-internal.h. Enable code only if HAVE_U64_TYPEDEF is defined. - Replace C99 types uint64_t, uint32_t, and uint8_t by libgcrypt types. - (_SALSA20_INPUT_LENGTH): Remove underscore from identifier. - (_scryptBlockMix): Replace memxor by buf_xor. - (_gcry_kdf_scrypt): Use gcry_malloc and gcry_free. Check for integer - overflow. Add hack to support blocksize of 1 for tests. Return - errors from calls to _gcry_kdf_pkdf2. - - * cipher/kdf.c (openpgp_s2k): Make static. - -2013-04-04 Christian Grothoff - - Add the SCRYPT KDF function. - + commit 855b1a8f81b5a3b5b31d0c3c303675425f58a5af - * scrypt.c, scrypt.h: New files. - * memxor.c, memxor.h: New files. - * cipher/Makefile.am: Add new files. - * cipher/kdf.c (gcry_kdf_derive): Support GCRY_KDF_SCRYPT. - * src/gcrypt.h.in (GCRY_KDF_SCRYPT): New. - -2013-03-22 Werner Koch - - Replace deprecated AM_CONFIG_HEADER macro. - + commit d0c8fda5af45354ac32928c9a01e688d6893599d - * configure.ac: s/AM_CONFIG_HEADER/AC_CONFIG_HEADER/ - - Disable AES-NI support if as does not support SSSE3. - + commit 9f4df1612ae21a5ce70d98930cb194e5193f5e2d - * configure.ac (HAVE_GCC_INLINE_ASM_SSSE3): New test. - (ENABLE_AESNI_SUPPORT): Do not define without SSSE3 support. - (HAVE_GCC_INLINE_ASM_SSSE3, ENABLE_AVX_SUPPORT): Split up detection - and definition. - -2013-03-21 Werner Koch - - Fix make dependency regression. 
- + commit 2a1e03c5a481689c43d197dd8034a1d73de0a1a4 - * src/Makefile.am (libgcrypt_la_DEPENDENCIES): Add missing backslash. - Reported by LRN. - -2013-03-20 Werner Koch - - Use finer grained on-the-fly helper computations for EC. - + commit 5fb3501aa0cf5f2b2a9012706bb9ad2b1c4bfd7d - * src/ec-context.h (mpi_ec_ctx_s): Replace NEED_SYNC by a bitfield. - * mpi/ec.c (ec_p_sync): Remove. - (ec_get_reset, ec_get_a_is_pminus3, ec_get_two_inv_p): New. - (ec_p_init): Use ec_get_reset. - (_gcry_mpi_ec_set_mpi, _gcry_mpi_ec_dup_point) - (_gcry_mpi_ec_add_points): Replace ec_p_sync by the ec_get_ accessors. - - Allow building with w64-mingw32. - + commit b402e550041782b770a6ae267c7c28ca8324a12e - * autogen.sh <--build-w32>: Support the w64-mingw32 toolchain. Also - prepare for 64 bit building. - - Provide GCRYPT_VERSION_NUMBER macro, add build info to the binary. - + commit 1eaad0a8c4cab227685a6a8768e539df2f1f4dac - * src/gcrypt.h.in (GCRYPT_VERSION_NUMBER): New. - * configure.ac (VERSION_NUMBER): New ac_subst. - * src/global.c (_gcry_vcontrol): Move call to above function ... - (gcry_check_version): .. here. - - * configure.ac (BUILD_REVISION, BUILD_FILEVERSION) - (BUILD_TIMESTAMP): Define on all platforms. - * compat/compat.c (_gcry_compat_identification): Include revision and - timestamp. - - Fix a memory leak in the new EC code. - + commit de07974d807b703a2554d6ba885ea249e648bd44 - * cipher/ecc.c (point_from_keyparam): Always call mpi_free on A. - -2013-03-19 Werner Koch - - Extend the new EC interface and fix two bugs. - + commit 931e409e877d1e444edd53dead327ec8e64daf9a - * src/ec-context.h (mpi_ec_ctx_s): Add field NEED_SYNC. - * mpi/ec.c (ec_p_sync): New. - (ec_p_init): Only set NEED_SYNC. - (_gcry_mpi_ec_set_mpi): Set NEED_SYNC for 'p' and 'a'. - (_gcry_mpi_ec_dup_point, _gcry_mpi_ec_add_points) - (_gcry_mpi_ec_mul_point): Call ec_p_sync. - (_gcry_mpi_ec_get_point): Recompute 'q' is needed. - (_gcry_mpi_ec_get_mpi): Ditto. 
Also allow for names 'q', 'q.x', - 'q.y', and 'g'. - * cipher/ecc.c (_gcry_mpi_ec_ec2os): New. - - * cipher/ecc.c (_gcry_mpi_ec_new): Fix init from parameters 'Q'->'q', - 'G'->'q'. - -2013-03-15 Werner Koch - - mpi: Add functions to manipulate an EC context. - + commit 229f3219f80c9369ed9624242c0436ae6d293201 - * src/gcrypt.h.in (gcry_mpi_ec_p_new): Remove. - (gcry_mpi_ec_new): New. - (gcry_mpi_ec_get_mpi): New. - (gcry_mpi_ec_get_point): New. - (gcry_mpi_ec_set_mpi): New. - (gcry_mpi_ec_set_point): New. - * src/visibility.c (gcry_mpi_ec_p_new): Remove. - * mpi/ec.c (_gcry_mpi_ec_p_new): Make it an internal function and - change to return an error code. - (_gcry_mpi_ec_get_mpi): New. - (_gcry_mpi_ec_get_point): New. - (_gcry_mpi_ec_set_mpi): New. - (_gcry_mpi_ec_set_point): New. - * src/mpi.h: Add new prototypes. - * src/ec-context.h: New. - * mpi/ec.c: Include that header. - (mpi_ec_ctx_s): Move to ec-context.h, add new fields, and put some - fields into an inner struct. - (point_copy): New. - * cipher/ecc.c (fill_in_curve): Allow passing NULL for R_NBITS. - (mpi_from_keyparam, point_from_keyparam): New. - (_gcry_mpi_ec_new): New. - - * tests/t-mpi-point.c (test-curve): New. - (ec_p_new): New. Use it instead of the removed gcry_mpi_ec_p_new. - (get_and_cmp_mpi, get_and_cmp_point): New. - (context_param): New test. - (basic_ec_math_simplified): New test. - (main): Call new tests. - - * src/context.c (_gcry_ctx_get_pointer): Check for a NULL CTX. - -2013-03-13 Werner Koch - - Add GCRYMPI_FLAG_CONST and make use constants. - + commit e005629bd7bebb3e13945645c6e1230b44ab16a2 - * src/gcrypt.h.in (GCRYMPI_FLAG_CONST): New. - * src/mpi.h (mpi_is_const, mpi_const): New. - (enum gcry_mpi_constants, MPI_NUMBER_OF_CONSTANTS): New. - * mpi/mpiutil.c (_gcry_mpi_init): New. - (constants): New. - (_gcry_mpi_free): Do not release a constant flagged MPI. - (gcry_mpi_copy): Clear the const and immutable flags. 
- (gcry_mpi_set_flag, gcry_mpi_clear_flag, gcry_mpi_get_flag): Support - GCRYMPI_FLAG_CONST. - (_gcry_mpi_const): New. - * src/global.c (global_init): Call _gcry_mpi_init. - * mpi/ec.c (mpi_ec_ctx_s): Remove fields one, two, three, four, and - eight. Change all users to call mpi_const() instead. - - * src/mpiutils.c (gcry_mpi_set_opaque): Check the immutable flag. - - Add GCRYMPI_FLAG_IMMUTABLE to help debugging. - + commit 1fecae98ee7e0fa49b29f98efa6817ca121ed98a - * src/gcrypt.h.in (GCRYMPI_FLAG_IMMUTABLE): New. - * src/mpi.h (mpi_is_immutable): New macro. - * mpi/mpiutil.c (gcry_mpi_set_flag, gcry_mpi_clear_flag) - (gcry_mpi_get_flag): Implement new flag - (_gcry_mpi_immutable_failed): New. - - * mpi/mpiutil.c (_gcry_mpi_clear, _gcry_mpi_free, gcry_mpi_snatch) - (gcry_mpi_set, gcry_mpi_randomize): Act upon the immutable flag. - * mpi/mpi-bit.c (gcry_mpi_set_bit, gcry_mpi_set_highbit) - (gcry_mpi_clear_highbit, gcry_mpi_clear_bit) - (_gcry_mpi_rshift_limbs, gcry_mpi_lshift): Ditto. - * mpi/mpicoder.c (_gcry_mpi_set_buffer): Ditto. - -2013-03-08 Werner Koch - - mpi: Add an API for EC math. - + commit 8ac9e756d3ca545a9b97e61ad3d42fc2e877d788 - * src/context.c, src/context.h: New. - * src/Makefile.am (libgcrypt_la_SOURCES): Add new files. - * src/gcrypt.h.in (struct gcry_context, gcry_ctx_t): New types. - (gcry_ctx_release): New prototype. - (gcry_mpi_ec_p_new, gcry_mpi_ec_get_affine, gcry_mpi_ec_dup) - (gcry_mpi_ec_add, gcry_mpi_ec_mul): New prototypes. - * mpi/ec.c: Include errno.h and context.h. - (_gcry_mpi_ec_init): Rename to .. - (ec_p_init): this, make static, remove allocation and add arg CTX. - (_gcry_mpi_ec_p_internal_new): New; to replace _gcry_mpi_ec_init. - Change all callers to use this func. - (_gcry_mpi_ec_free): Factor code out to .. - (ec_deinit): New func. - (gcry_mpi_ec_p_new): New. - * src/visibility.c: Include context.h and mpi.h. 
- (gcry_mpi_ec_p_new, gcry_mpi_ec_get_affine, gcry_mpi_ec_dup) - (gcry_mpi_ec_add, gcry_mpi_ec_mul) - (gcry_ctx_release): New wrapper functions. - * src/visibility.h: Mark new wrapper functions visible. - * src/libgcrypt.def, src/libgcrypt.vers: Add new symbols. - * tests/t-mpi-point.c (print_mpi, hex2mpi, cmp_mpihex): New. - (context_alloc): New. - (make_point, basic_ec_math): New. - - mpi: Add an API for EC point operations. - + commit 7cce620acddac2df024ca421ed3abc32a88f3738 - * mpi/ec.c (gcry_mpi_point_new, gcry_mpi_point_release): New. - (gcry_mpi_point_get, gcry_mpi_point_snatch_get): New. - (gcry_mpi_point_set, gcry_mpi_point_snatch_set): New. - * src/visibility.h, src/visibility.c: Add corresponding macros and - wrappers. - * src/gcrypt.h.in (struct gcry_mpi_point, gcry_mpi_point_t): New. - (gcry_mpi_point_new, gcry_mpi_point_release, gcry_mpi_point_get) - (gcry_mpi_point_snatch_get, gcry_mpi_point_set) - (gcry_mpi_point_snatch_set): New prototypes. - (mpi_point_new, mpi_point_release, mpi_point_get, mpi_point_snatch_get) - (mpi_point_set, mpi_point_snatch_set): New macros. - * src/libgcrypt.vers (gcry_mpi_point_new, gcry_mpi_point_release) - (gcry_mpi_point_get, gcry_mpi_point_snatch_get, gcry_mpi_point_set) - (gcry_mpi_point_snatch_set): New symbols. - * src/libgcrypt.def: Ditto. - * tests/t-mpi-point.c: New. - * tests/Makefile.am (TESTS): Add t-mpi-point - -2013-03-07 Werner Koch - - mpi: Add mpi_snatch and change an internal typedef. - + commit 6c4767637c512127a4362732b3ec51068554d328 - * src/mpi.h (struct mpi_point_s): Rename to struct gcry_mpi_point. - (mpi_point_struct): New typedef. - (mpi_point_t): Change typedef to a pointer. Replace all occurrences - to use mpi_point_struct. - * mpi/ec.c (_gcry_mpi_ec_point_init): Rename to .. - (_gcry_mpi_point_init): this. Change all callers. - (_gcry_mpi_ec_point_free): Rename to .. - (_gcry_mpi_point_free_parts): this. Change all callers. - - * mpi/mpiutil.c (gcry_mpi_snatch): New function. 
- * src/gcrypt.h.in (gcry_mpi_snatch, mpi_snatch): Add protoype and - macro. - * src/visibility.c (gcry_mpi_snatch): Add wrapper. - * src/visibility.h (gcry_mpi_snatch): Add macro magic. - * src/libgcrypt.def, src/libgcrypt.vers: Add new function. - - Pretty print the configure feedback. - + commit c620099e4ab2f35e0196b395a805bb655c984ac2 - * acinclude.m4 (GNUPG_MSG_PRINT): Remove. - (GCRY_MSG_SHOW, GCRY_MSG_WRAP): New. - * configure.ac: Use new macros for the feedback. - -2013-02-20 Werner Koch - - Fix building of hwf-x86.c. - + commit 70dcac663de06b012417015c175973d64e6980df - * src/Makefile.am (AM_CFLAGS): Set to GPG_ERROR_CFLAGS - (AM_CCASFLAGS): Set NOEXECSTACK_FLAGS. - - Remove build hacks for FreeBSD. - + commit fb48ebf7081400a24ee48f8a9894a361e8834b6e - * configure.ac [freebsd]: Do not add /usr/local to CPPFLAGS and - LDFLAGS. - -2013-02-19 Jussi Kivilinna - - Rinjdael: Fix use of SSE2 outside USE_AESNI/ctx->use_aesni. - + commit 0da77955a097bfd2469ad084b3e9fcac4fb1e3fa - * cipher/rijndael.c (_gcry_aes_cbc_enc): Check if AES-NI is enabled before - calling aesni_prepare() and aesni_cleanup(). - - Add AES-NI/AVX accelerated Camellia implementation. - + commit 63ac3ba07dba82fde040d31b90b4eff627bd92b9 - * configure.ac: Add option --disable-avx-support. - (HAVE_GCC_INLINE_ASM_AVX): New. - (ENABLE_AVX_SUPPORT): New. - (camellia) [ENABLE_AVX_SUPPORT, ENABLE_AESNI_SUPPORT]: Add - camellia_aesni_avx_x86-64.lo. - * cipher/Makefile.am (AM_CCASFLAGS): Add. - (EXTRA_libcipher_la_SOURCES): Add camellia_aesni_avx_x86-64.S - * cipher/camellia-glue.c [ENABLE_AESNI_SUPPORT, ENABLE_AVX_SUPPORT] - [__x86_64__] (USE_AESNI_AVX): Add macro. - (struct Camellia_context) [USE_AESNI_AVX]: Add use_aesni_avx. - [USE_AESNI_AVX] (_gcry_camellia_aesni_avx_ctr_enc) - (_gcry_camellia_aesni_avx_cbc_dec): New prototypes to assembly - functions. - (camellia_setkey) [USE_AESNI_AVX]: Enable AES-NI/AVX if hardware - support both. - (_gcry_camellia_ctr_enc) [USE_AESNI_AVX]: Add AES-NI/AVX code. 
- (_gcry_camellia_cbc_dec) [USE_AESNI_AVX]: Add AES-NI/AVX code. - * cipher/camellia_aesni_avx_x86-64.S: New. - * src/g10lib.h (HWF_INTEL_AVX): New. - * src/global.c (hwflist): Add HWF_INTEL_AVX. - * src/hwf-x86.c (detect_x86_gnuc) [ENABLE_AVX_SUPPORT]: Add detection - for AVX. - - camellia.c: Prepare for AES-NI/AVX implementation. - + commit 4de62d80644228fc5db2a9f9c94a7eb633d8de2e - * cipher/camellia-glue.c (CAMELLIA_encrypt_stack_burn_size) - (CAMELLIA_decrypt_stack_burn_size): Increase stack burn size. - * cipher/camellia.c (CAMELLIA_ROUNDSM): Move key-material mixing in - the front. - (camellia_setup128, camellia_setup256): Remove now unneeded - key-material mangling. - (camellia_encrypt128, camellia_decrypt128, amellia_encrypt256) - (camellia_decrypt256): Copy block to stack, so that compiler can - optimize it for register usage. - - Camellia, prepare glue code for AES-NI/AVX implementation. - + commit 537f12ce072d568f9fa344c447d32b2e0efffbe8 - * cipher/camellia-glue.c (ATTR_ALIGNED_16): Add macro. - (CAMELLIA_encrypt_stack_burn_size): Add macro. - (camellia_encrypt): Use macro above for stack burn size. - (CAMELLIA_decrypt_stack_burn_size): Add macro. - (camellia_decrypt): Use macro above for stack burn size. - (_gcry_camellia_ctr_enc): New function. - (_gcry_camellia_cbc_dec): New function. - (selftest_ctr_128): New function. - (selftest): Call function above. - * cipher/cipher.c (gcry_cipher_open) [USE_CAMELLIA]: Register bulk - functions for CBC-decryption and CTR-mode. - * src/cipher.h (_gcry_camellia_ctr_enc): New prototype. - (_gcry_camellia_cbc_dec): New prototype. - -2012-12-21 Werner Koch - - Prepare for hardware feature detection on other platforms. - + commit 09ac5d87d11aa0b1fa0e0a4184ab03b3671a73e2 - * configure.ac (GCRYPT_HWF_MODULES): New. - (HAVE_CPU_ARCH_X86, HAVE_CPU_ARCH_ALPHA, HAVE_CPU_ARCH_SPARC) - (HAVE_CPU_ARCH_MIPS, HAVE_CPU_ARCH_M68K, HAVE_CPU_ARCH_PPC) - (HAVE_CPU_ARCH_ARM): New AC_DEFINEs. - * mpi/config.links (mpi_cpu_arch): New. 
- * src/global.c (print_config): Print new tag "cpu-arch". - * src/Makefile.am (libgcrypt_la_SOURCES): Add hwf-common.h - (EXTRA_libgcrypt_la_SOURCES): New. - (gcrypt_hwf_modules): New. - (libgcrypt_la_DEPENDENCIES, libgcrypt_la_LIBADD): Add that one. - * src/hwfeatures.c: Factor most code out to ... - * src/hwf-x86.c: New file. - (detect_x86_gnuc): Return the feature vector. - (_gcry_hwf_detect_x86): New. - * src/hwf-common.h: New. - * src/hwfeatures.c (_gcry_detect_hw_features): Dispatch using - HAVE_CPU_ARCH_ macros. - -2012-12-21 Jussi Kivilinna - - Clean up i386/x86-64 cpuid usage in hwfeatures.c. - + commit d842eea55e22c05da3959a7a4422b5fcd7884f60 - * src/hwfeatures.c [__i386__ && __GNUC__] (detect_ia32_gnuc): Remove. - [__x86_64__ && __GNUC__] (detect_x86_64_gnuc): Remove. - [__i386__ && __GNUC__] (is_cpuid_available, get_cpuid) - (HAS_X86_CPUID): New. - [__x86_64__ && __GNUC__] (is_cpuid_available, get_cpuid) - (HAS_X86_CPUID): New. - [HAS_X86_CPUID] (detect_x86_gnuc): New. - (_gcry_detect_hw_features) [__i386__ && GNUC]: Remove detect_ia32_gnuc - call. - (_gcry_detect_hw_features) [__x86_64__ && GNUC]: Remove - detect_x86_64_gnuc call. - (_gcry_detect_hw_features) [HAS_X86_CPUID]: Add detect_x86_gnuc call. - -2012-12-18 Dmitry Kasatkin - - Add support for using DRNG random number generator. - + commit efd7002188e6d50013e4d9a920a8b9afa9d210e5 - * configure.ac: Add option --disable-drng-support. - (ENABLE_DRNG_SUPPORT): New. - * random/rndhw.c (USE_DRNG): New. - (rdrand_long, rdrand_nlong, poll_drng): New. - (_gcry_rndhw_poll_fast, _gcry_rndhw_poll_slow): Call poll function. - * src/g10lib.h (HWF_INTEL_RDRAND): New. - * src/global.c (hwflist): Add "intel-rdrand". - * src/hwfeatures.c (detect_x86_64_gnuc) [ENABLE_DRNG_SUPPORT]: Detect - RDRAND. - (detect_ia32_gnuc) [ENABLE_DRNG_SUPPORT]: Detect RDRAND. - -2012-12-03 Werner Koch - - random: Add a RNG selection interface and system RNG wrapper. 
- + commit 7607ab81504ce44060ed0b331d309606f5da1e75 - * random/random-system.c: New. - * random/Makefile.am (librandom_la_SOURCES): Add new module. - * random/random.c (struct rng_types): New. - (_gcry_set_preferred_rng_type, _gcry_get_rng_type): New. - (_gcry_random_initialize, gcry_random_add_bytes, do_randomize) - (_gcry_set_random_seed_file, _gcry_update_random_seed_file) - (_gcry_fast_random_poll): Dispatch to the actual RNG. - * src/gcrypt.h.in (GCRYCTL_SET_PREFERRED_RNG_TYPE): New. - GCRYCTL_GET_CURRENT_RNG_TYPE): New. - (gcry_rng_types): New. - * src/global.c (print_config): Print the TNG type. - (global_init, _gcry_vcontrol): Implement the new control codes. - * doc/gcrypt.texi (Controlling the library): Document the new control - codes. - - * tests/benchmark.c (main): Add options to test the RNG types. - * tests/random.c (main): Add new options. - (print_hex): Print to stderr. - (progress_cb, rng_type): New. - (check_rng_type_switching, check_early_rng_type_switching): New. - (run_all_rng_tests): New. - - tests: Allow use of random.c under Windows. - + commit 76c622e24a07f7c826812be173aa173b4334776b - * tests/Makefile.am (TESTS): Always include random.c - * tests/random.c [!W32]: Include sys/wait.h. - (inf): New. - (check_forking, check_nonce_forking): Print a notice what will be done. - (main) [W32]: Do not call signal. - - Make random-fips.c work multi-threaded. - + commit 75760021b511ba438606af746431223357e7a155 - * random/random-fips.c (basic_initialization): Fix reversed logic. - - Move nonce creation from csprng backend to random main module. - + commit c324644aa14e54fc7051983b38222db32b8ab227 - * random/random-csprng.c (_gcry_rngcsprng_create_nonce): Remove. - (nonce_buffer_lock): Remove. - (initialize_basics): Remove init of nonce_buffer_lock. - * random/random.c: Add a few header files. - (nonce_buffer_lock): New. - (_gcry_random_initialize): Init nonce_buffer_lock. - (gcry_create_nonce): Add code from _gcry_rngcsprng_create_nonce. 
- - * random/random-daemon.c (_gcry_daemon_create_nonce): Remove. - -2012-12-03 Jussi Kivilinna - - Fix building with CC="gcc -std=c90". - + commit f851b9a932ee64fa5a06000d1ac763ba4349f07d - * configure.ac: Add check for missing 'asm' keyword in C90 mode and - replacement with '__asm__'. - -2012-12-03 Werner Koch - - Try to use inttypes.h if stdint.h is not available. - + commit d9ec7aec1301b13a89e5c9c54d7ad52e1a29b846 - * cipher/bufhelp.h [HAVE_INTTYPES_H]: Include inttypes.h - -2012-12-03 Jussi Kivilinna - - Optimize buffer xoring. - + commit 162791bc08f4fc9b3882671e68ecdfd9e130ae59 - * cipher/Makefile.am (libcipher_la_SOURCES): Add 'bufhelp.h'. - * cipher/bufhelp.h: New. - * cipher/cipher-aeswrap.c (_gcry_cipher_aeswrap_encrypt) - (_gcry_cipher_aeswrap_decrypt): Use 'buf_xor' for buffer xoring. - * cipher/cipher-cbc.c (_gcry_cipher_cbc_encrypt) - (_gcry_cipher_cbc_decrypt): Use 'buf_xor' for buffer xoring and remove - resulting unused variables. - * cipher/cipher-cfb.c (_gcry_cipher_cfb_encrypt) Use 'buf_xor_2dst' - for buffer xoring and remove resulting unused variables. - (_gcry_cipher_cfb_decrypt): Use 'buf_xor_n_copy' for buffer xoring and - remove resulting unused variables. - * cipher/cipher-ctr.c (_gcry_cipher_ctr_encrypt): Use 'buf_xor' for - buffer xoring and remove resulting unused variables. - * cipher/cipher-ofb.c (_gcry_cipher_ofb_encrypt) - (_gcry_cipher_ofb_decrypt): Use 'buf_xor' for buffer xoring and remove - resulting used variables. - * cipher/rijndael.c (_gry_aes_cfb_enc): Use 'buf_xor_2dst' for buffer - xoring and remove resulting unused variables. - (_gry_aes_cfb_dev): Use 'buf_xor_n_copy' for buffer xoring and remove - resulting unused variables. - (_gry_aes_cbc_enc, _gry_aes_ctr_enc, _gry_aes_cbc_dec): Use 'buf_xor' - for buffer xoring and remove resulting unused variables. - -2012-11-29 Jussi Kivilinna - - Optimize AES-NI CTR mode. 
- + commit 9ee9e25f519696d509b1a5c1cc04ab0121e98a51 - * cipher/rijndael.c [USE_AESNI] (do_aesni_ctr, do_aesni_ctr_4): Make - handling of 64-bit overflow and carry conditional. Avoid generic to - vector register passing of value '1'. Generate and use '-1' instead. - -2012-11-28 Werner Koch - - Make a cpp conditional in rijndael.c better readable. - + commit 6765e0a8618000d3dc7bda035163e0708c43791b - * cipher/rijndael.c (USE_AESNI): Modify cpp conditionals for better - readability. - -2012-11-28 Jussi Kivilinna - - Fix building with Clang on x86-64 and i386. - + commit 99e272d938fe23efec25af409bdb91dae0e659e5 - * cipher/rijndael.c [USE_AESNI] (do_aesni_enc_aligned) - (do_aesni_dec_vec4, do_aesni_cfb, do_aesni_ctr, do_aesni_ctr_4): Add - explicit suffix to 'cmp' instructions. - -2012-11-26 Jussi Kivilinna - - Optimize wipememory2 for i386 and x86-64. - + commit faec12e23f03c7cd1614594bfdd51f1302cadb42 - * src/g10lib.h (wipememory2): Add call to fast_wipememory2. - (fast_wipememory2): New macros for i386 and x86-64 architectures. - Empty macro provided for other architectures. - - Fix missing 64bit carry handling in AES-NI CTR mode. - + commit fc37e805c6394c2e635d1a033670be961f36a6d2 - * cipher/rijndael.c [USE_AESNI] (do_aesni_ctr, do_aesni_ctr_4): Add - carry handling to 64-bit addition. - (selftest_ctr_128): New function for testing IV handling in bulk CTR - function. - (selftest): Add call to selftest_ctr_128. - - Add parallelized AES-NI CBC decryption. - + commit 35aff0cd43885b5f5c076432ec614698abeb63d8 - * cipher/rijndael.c [USE_AESNI] (aesni_cleanup_5): New macro. - [USE_AESNI] (do_aesni_dec_vec4): New function. - (_gcry_aes_cbc_dec) [USE_AESNI]: Add parallelized CBC loop. - (_gcry_aes_cbc_dec) [USE_AESNI]: Change IV storage register from xmm3 - to xmm5. - - Clear xmm5 after use in AES-NI CTR mode. - + commit 5acd0e5ae2a58dda51c2b56c879b80a1a6d2c42f - * cipher/rijndael.c [USE_AESNI]: Rename aesni_cleanup_2_4 to - aesni_cleanup_2_5. 
- [USE_AESNI] (aesni_cleanup_2_5): Clear xmm5 register. - (_gcry_aes_ctr_enc, _gcry_aes_cbc_dec) [USE_AESNI]: Use - aesni_cleanup_2_5 instead of aesni_cleanup_2_4. - - Optimize AES-NI CBC encryption. - + commit be3768994ad362dfc849a8cd0146b4c9bb287d20 - * cipher/rijndeal.c (_gcry_aes_cbc_enc) [USE_AESNI]: Add AES-NI - spesific loop and use SSE2 assembler for xoring and copying of - blocks. - - Improve parallelizability of CBC decryption for AES-NI. - + commit 3369d960158ab4231b83926a0f982e2a8819f173 - * cipher/rijndael.c (_gcry_aes_cbc_dec) [USE_AESNI]: Add AES-NI - specific CBC mode loop with temporary block and IV stored in free SSE - registers. - - Extend test of chained modes for 128bit ciphers. - + commit 55b96be08531664ed3f4230acebe0f45954bbc33 - * tests/basic.c (check_one_cipher_core, check_one_cipher): Increase - input and output buffer sizes from 16 bytes to 1024+16=1040 bytes. - (check_one_cipher_core): Add asserts to verify sizes of temporary - buffers. - -2012-11-21 Werner Koch - - Fix for strict aliasing rules. - + commit dfb4673da8ee52d95e0a62c9f49ca8599943f22e - * cipher/rijndael.c (do_setkey, prepare_decryption): Use u32_a_t for - casting. - - Do not detect AES-NI support if disabled by configure. - + commit 3047795794eb238aa684bd0729acf64c82a19e09 - * src/hwfeatures.c (detect_ia32_gnuc): Detect AESNI support only if - that support has been enabled. - -2012-11-21 Jussi Kivilinna - - Fix too large burn_stack in camellia-glue.c. - + commit 8afabc2813948778a3db52d9dee9a041a3dd50d4 - * cipher/camellia-glue.c (camellia_encrypt, camellia_decrypt): Do not - take full array size of KEY_TABLE_TYPE, but argument size instead. - - Add x86_64 support for AES-NI. - + commit d8bdfa42ed582655c180e7db9b16d4e756a12a6e - * cipher/rijndael.c [ENABLE_AESNI_SUPPORT]: Enable USE_AESNI on x86-64. - (do_setkey) [USE_AESNI_is_disabled_here]: Use %[key] and %[ksch] - directly as registers instead of using temporary register %%esi. 
- [USE_AESNI] (do_aesni_enc_aligned, do_aesni_dec_aligned, do_aesni_cfb, - do_aesni_ctr, do_aesni_ctr_4): Use %[key] directly as register instead - of using temporary register %%esi. - [USE_AESNI] (do_aesni_cfb, do_aesni_ctr, do_aesni_ctr_4): Change %[key] - from generic "g" type to register "r". - * src/hwfeatures.c (_gcry_detect_hw_features) [__x86_64__]: Do not - clear AES-NI feature flag. - - Fix cpuid vendor-id check for i386 and x86-64. - + commit 9e1552517f68459a165ddebbba85e7cf37ff4f0c - * src/hwfeatures.c (detect_x86_64_gnuc, detect_ia32_gnuc): Allow - Intel features be detect from CPU by other vendors too. - - Fix hwdetect assembler clobbers. - + commit 19b9efd1f47a5de9c450ce8212dfa3174a029c7a - * src/hwfeatures.c (detect_x86_64_gnuc): Add missing %ebx assembler - clobbers. - (detect_x86_64_gnuc, detect_ia32_gnuc) [ENABLE_PADLOCK_SUPPORT]: Add - missing %ecx assembler clobbers. - -2012-11-21 Werner Koch - - Use configure test for aligned attribute. - + commit 6368ed542150956ff4ba8170a15bbc534143675c - * configure.ac (HAVE_GCC_ATTRIBUTE_ALIGNED): New test and ac_define. - * cipher/cipher-internal.h, cipher/rijndael.c, random/rndhw.c: Use new - macro instead of a fixed test for __GNUC__. - - Fix segv with AES-NI on some platforms. - + commit a96974de734beb51a733a89b3283bcf7b433b54c - * cipher/rijndael.c (RIJNDAEL_context): Align on 16 bytes. - -2012-11-16 Werner Koch - - Improve parsing of the GIT revision number. - + commit 4b18e530f417d4af401a3fd721ad2a07e5310e3e - * configure.ac (mmm4_revision): Use git rev-parse. - -2012-11-08 Werner Koch - - Fix extern inline use for gcc > 4.3 in c99 mode. - + commit 5abc06114e91beca0177331e1c79815f5fb6d7be - * mpi/mpi-inline.h [!G10_MPI_INLINE_DECL]: Take care of changed extern - inline semantics in gcc. - -2012-11-07 Werner Koch - - Fix memory leak in gcry_pk_testkey for ECC. - + commit 8cbbad5f94f6e0429fffe66d689aea20f7e35957 - * cipher/ecc.c (check_secret_key): Restructure for easier allocation - tracking. 
Fix memory leak. - -2012-11-05 Werner Koch - - Prepare for a backported interface in 1.5.1. - + commit 7af98ef78d45e813f47ae4e180a02757a379953f - * configure.ac: Bump LT version at C20/A0/R0 to adjust for a planned - API update in 1.5.1. - - Adjust for stricter autoconf requirements. - + commit 1241fbbc896e9bbad68f1007a17b20493f6cd1af - * configure.ac: Fix usage of AC_LANG_PROGRAM. - - Update build helper scripts. - + commit a5c4d45e8d12737cd21b095c81da5c18e2afc39e - * config.guess, config.sub: Update to version 2012-07-31. - * ltmain.sh: Update to version 2.4.2. - * install-sh, m4/libtool.m4, m4/ltoptions.m4, m4/ltversion.m4 - * m4/lt~obsolete.m4: Update to autoconf 2.69 versions. - - Do not distribute a copy of gitlog-to-changelog. - + commit 40976d7da5420453bf93a9c99f0cc4c7044d0774 - * Makefile.am (GITLOG_TO_CHANGELOG): New. - (gen-ChangeLog): Require an installed gitlog-to-changelog. - * scripts/gitlog-to-changelog: Remove. - - * README.SVN: Remove. - * REMOVE.GIT: New. - - Allow building with w64-mingw32. - + commit 4f6fb150558d0ed250bfbd50352c258a4456ba50 - * autogen.sh <--build-w32>: Support the w64-mingw32 toolchain. Also - prepare for 64 bit building. - : Remove option -c from chmod. - - Switch to the new automagic beta numbering scheme. - + commit 7d5195be76d9dd4adc28976ad153e8f7761c5855 - * configure.ac: Add all the required m4 magic. - - Avoid dereferencing pointer right after the end. - + commit 79502e2c1982047dcf2b776f52826f38bbd9b1fe - * mpi/mpicoder.c (do_get_buffer): Check the length before derefing P. - -2012-10-30 Werner Koch - - Make ancient test program useful again. - + commit 66adf76e634423bb72ce1f0b5ed78f4e4798f190 - * tests/testapi.c (test_sexp): Adjust to current API. Print the - return code. Mark unused args. - (test_genkey): Mark unused args. - (main): Do not pass NULL to printf. - - tests: Add ECC key generation tests. - + commit c13164884ade6b1e945cddacce2d244fd881de6b - * tests/keygen.c (check_generated_ecc_key): New. 
- (check_ecc_keys): New. - (main): Call simple ECC checks. - -2012-10-30 Milan Broz - - PBKDF2: Allow empty passphrase. - + commit 8528f1ba40e587dc17e02822e529fbd7ac69a189 - * cipher/kdf.c (gcry_kdf_derive): Allow empty passphrase for PBKDF2. - * tests/t-kdf.c (check_pbkdf2): Add test case for above. - -2012-08-16 Xi Wang - - Replace deliberate division by zero with _gcry_divide_by_zero. - + commit 2c54c4da19d3a79e9f749740828026dd41f0521a - * mpi/mpi-pow.c: Replace 1 / msize. - * mpi/mpih-div.c: Replace 1 / dsize. - * src/misc.c: Add _gcry_divide_by_zero. - -2012-06-21 Werner Koch - - Clear AESNI feature flag for x86_64. - + commit 2196728e2252917849c1be94417258076767021b - * src/hwfeatures.c (_gcry_detect_hw_features) [__x86_64__]: Clear - AESNI feature flag. - - Beautify last change. - + commit 20e423212c9710ee663e12dd0f62580ceb245a6f - * cipher/rijndael.c: Replace C99 feature from last patch. Keep cpp - lines short. - * random/rndhw.c: Keep cpp lines short. - * src/hwfeatures.c (_gcry_detect_hw_features): Make cpp def chain - better readable. - -2012-06-21 Rafaël Carré - - Enable VIA Padlock on x86_64 platforms. - + commit baf0dc7e9c26167ab43ba2adebcf2f1abc9d9b3b - * cipher/rijndael.c: Duplicate x86 assembly and convert to x86_64. - * random/rndhw.c: Likewise. - * src/hwfeatures.c: Likewise. - -2012-05-14 Werner Koch - - Add curve aliases from RFC-5656. - + commit 39c123b729a472ace039f8536d07f8b9a5f4675a - * cipher/ecc.c (curve_aliases): Add "nistp???" entries. - -2012-04-16 Werner Koch - - State new contribution rules. - + commit 3bb858551cd5d84e43b800edfa2b07d1529718a9 - * doc/DCO: New. - * doc/HACKING: Document new rules. - -2012-04-04 Tomas Mraz - - Add GCRYCTL_SET_ENFORCED_FIPS_FLAG command. - + commit 90e49a11733bfba9c3c505ac487282d35757f682 - * doc/gcrypt.texi: Add documentation of the new command. - * src/fips.c (_gcry_enforced_fips_mode): Report the enforced fips mode - only when fips mode is enabled. - (_gcry_set_enforced_fips_mode): New function. 
- * src/g10lib.h: Add the _gcry_set_enforced_fips_mode prototype. - * src/gcrypt.h.in: Add the GCRYCTL_SET_ENFORCED_FIPS_FLAG. - * src/global.c (_gcry_vcontrol): Handle the new command. - -2012-02-17 Ulrich Müller - - Rework selftest in idea.c. - + commit 70cca617ed75ea292e1fed769114dda5cc1d76f1 - * cipher/idea.c (do_setkey): Execute selftest when first called. - (decrypt_block): Remove commented-out code. - (selftest): Execute all selftests. Return NULL on success, or - string in case of error. - -2012-02-16 Werner Koch - - Fix missing prototype. - + commit 46035d28c9b413851d43a4008fdc8e4cdf5d686b - * src/g10lib.h (_gcry_secmem_module_init): Make it a real prototype. - -2012-02-16 Ulrich Müller - - Add support for the IDEA cipher. - + commit 318fd85f377c060908d371f792d41e599b3b7483 - Adapt idea.c to the Libgcrypt framework. - Add IDEA to cipher_table and to the build system. - - Patents on IDEA have expired: - Europe: EP0482154 on 2011-05-16, - Japan: JP3225440 on 2011-05-16, - U.S.: 5,214,703 on 2012-01-07. - - * configure.ac: Add idea to the list of available ciphers. - Define USE_IDEA if idea is enabled. - * cipher/cipher.c (cipher_table): Add entry for IDEA. - * cipher/idea.c: Update comment about patents. - Include proper header files and remove redundant declarations. - (expand_key, cipher, do_setkey, encrypt_block, decrypt_block): - Define function arguments as const where appropriate. - (cipher): Test for !WORDS_BIGENDIAN instead of LITTLE_ENDIAN_HOST. - (do_setkey, decrypt_block): Don't call selftest. - (idea_setkey): New function, wrapper for do_setkey. - (idea_encrypt): New function, wrapper for encrypt_block. - (_gcry_cipher_spec_idea): Define. - * cipher/Makefile.am (EXTRA_libcipher_la_SOURCES): Add idea.c. - * src/cipher.h (_gcry_cipher_spec_idea): Declare. - * tests/basic.c (check_ciphers): Add GCRY_CIPHER_IDEA. - -2012-01-09 Werner Koch - - Include an IDEA implementation. 
- + commit 6078b05f5340d886e0b9e6cee1d9b5043e0cb210 - The code is the old IDEA test code, written by me back in 1997 and - distributed on a Danish FTP server. This commit is only for - reference. To use the code it has to be adjusted to the Libgcrypt - framework. - -2012-01-03 Marcus Brinkmann - - Fix pthread locking and remove defunctional support for static lock init. - + commit 38fcd59ce774eaa3d65f2f7534c989afd860eb56 - * src/ath.c: Include assert.h. - (ath_mutex_destroy, ath_mutex_lock, ath_mutex_unlock): Dereference LOCK. - * src/g10lib.h (_gcry_secmem_module_init): New declaration. - * src/global.c (global_init): Call _gcry_secmem_module_init. - * src/secmem.c (_gcry_secmem_module_init): New function. - -2011-12-16 Werner Koch - - Add alignment tests for the cipher tests. - + commit 14cf1f7e338fedb8edaff5631441746605152bd6 - * tests/basic.c (check_one_cipher): Factor most code out to - check_one_cipher_core. Call that core function several times using - different alignment settings. - (check_one_cipher_core): New. Add extra args to allow alignment - testing. - -2011-12-07 Werner Koch - - tests/prime: Add option to create a well known private key. - + commit 16f5654643d584e3bc739b636752d779176b2191 - * tests/prime.c (print_mpi, create_42prime): New. - (main): Add option --42. - -2011-12-01 Werner Koch - - Do not build the random-daemon by make distcheck. - + commit ea1fb538d99f1ec093f2fef86f4f29176ec27826 - * Makefile.am (DISTCHECK_CONFIGURE_FLAGS): Disable building of the - random daemon - - Generate the ChangeLog from commit logs. - + commit 137d73191c904926ba529376144ee8239af4ca02 - * scripts/gitlog-to-changelog: New script. Taken from gnulib. - * scripts/git-log-fix: New file. - * scripts/git-log-footer: New file. - * doc/HACKING: Describe the ChangeLog policy - * ChangeLog: New file. - * Makefile.am (EXTRA_DIST): Add new files. - (gen-ChangeLog): New. - (dist-hook): Run gen-ChangeLog. - - Rename all ChangeLog files to ChangeLog-2011. 
- -2011-12-01 Werner Koch - - NB: Changes done before December 1st, 2011 are described in - per directory files named ChangeLog-2011. See doc/HACKING for - details. - - ----- - Copyright (C) 2011 Free Software Foundation, Inc. - - Copying and distribution of this file and/or the original GIT - commit log messages, with or without modification, are - permitted provided the copyright notice and this notice are - preserved. +Local Variables: +buffer-read-only: t +mode: text +End: diff --git a/NEWS b/NEWS index 6775190..cd8b8de 100644 --- a/NEWS +++ b/NEWS @@ -1,3 +1,14 @@ +Noteworthy changes in version 1.7.7 (2017-06-02) [C21/A1/R7] +------------------------------------------------ + + * Bug fixes: + + - Fix possible timing attack on EdDSA session key. + + - Fix long standing bug in secure memory implementation which could + lead to a segv on free. [bug#3027] + + Noteworthy changes in version 1.7.6 (2017-01-18) [C21/A1/R6] ------------------------------------------------ diff --git a/VERSION b/VERSION index de28578..91c74a5 100644 --- a/VERSION +++ b/VERSION @@ -1 +1 @@ -1.7.6 +1.7.7 diff --git a/cipher/ecc-eddsa.c b/cipher/ecc-eddsa.c index f91f848..813e030 100644 --- a/cipher/ecc-eddsa.c +++ b/cipher/ecc-eddsa.c @@ -603,7 +603,7 @@ _gcry_ecc_eddsa_sign (gcry_mpi_t input, ECC_secret_key *skey, a = mpi_snew (0); x = mpi_new (0); y = mpi_new (0); - r = mpi_new (0); + r = mpi_snew (0); ctx = _gcry_mpi_ec_p_internal_new (skey->E.model, skey->E.dialect, 0, skey->E.p, skey->E.a, skey->E.b); b = (ctx->nbits+7)/8; diff --git a/cipher/rsa.c b/cipher/rsa.c index b6c7374..2e13fd6 100644 --- a/cipher/rsa.c +++ b/cipher/rsa.c @@ -306,7 +306,7 @@ generate_std (RSA_secret_key *sk, unsigned int nbits, unsigned long use_e, mpi_add_ui (e, e, 2); } - /* calculate the secret key d = e^1 mod phi */ + /* calculate the secret key d = e^-1 mod phi */ d = mpi_snew ( nbits ); mpi_invm (d, e, f ); /* calculate the inverse of p and q (used for chinese remainder theorem)*/ 
diff --git a/configure b/configure index 9bfba83..d14596e 100755 --- a/configure +++ b/configure @@ -1,7 +1,7 @@ #! /bin/sh # From configure.ac Revision. # Guess values for system-dependent variables and create Makefiles. -# Generated by GNU Autoconf 2.69 for libgcrypt 1.7.6. +# Generated by GNU Autoconf 2.69 for libgcrypt 1.7.7. # # Report bugs to . # @@ -591,8 +591,8 @@ MAKEFLAGS= # Identity of this package. PACKAGE_NAME='libgcrypt' PACKAGE_TARNAME='libgcrypt' -PACKAGE_VERSION='1.7.6' -PACKAGE_STRING='libgcrypt 1.7.6' +PACKAGE_VERSION='1.7.7' +PACKAGE_STRING='libgcrypt 1.7.7' PACKAGE_BUGREPORT='http://bugs.gnupg.org' PACKAGE_URL='' @@ -1452,7 +1452,7 @@ if test "$ac_init_help" = "long"; then # Omit some internal or obsolete options to make the list less imposing. # This message is too long to be a string in the A/UX 3.1 sh. cat <<_ACEOF -\`configure' configures libgcrypt 1.7.6 to adapt to many kinds of systems. +\`configure' configures libgcrypt 1.7.7 to adapt to many kinds of systems. Usage: $0 [OPTION]... [VAR=VALUE]... @@ -1522,7 +1522,7 @@ fi if test -n "$ac_init_help"; then case $ac_init_help in - short | recursive ) echo "Configuration of libgcrypt 1.7.6:";; + short | recursive ) echo "Configuration of libgcrypt 1.7.7:";; esac cat <<\_ACEOF @@ -1690,7 +1690,7 @@ fi test -n "$ac_init_help" && exit $ac_status if $ac_init_version; then cat <<\_ACEOF -libgcrypt configure 1.7.6 +libgcrypt configure 1.7.7 generated by GNU Autoconf 2.69 Copyright (C) 2012 Free Software Foundation, Inc. @@ -2342,7 +2342,7 @@ cat >config.log <<_ACEOF This file contains any messages produced by compilers while running configure, to aid debugging if configure makes a mistake. -It was created by libgcrypt $as_me 1.7.6, which was +It was created by libgcrypt $as_me 1.7.7, which was generated by GNU Autoconf 2.69. Invocation command line was $ $0 $@ 
@@ -2697,7 +2697,7 @@ ac_compiler_gnu=$ac_cv_c_compiler_gnu # (No interfaces changed: REVISION++) LIBGCRYPT_LT_CURRENT=21 LIBGCRYPT_LT_AGE=1 -LIBGCRYPT_LT_REVISION=6 +LIBGCRYPT_LT_REVISION=7 # If the API is changed in an incompatible way: increment the next counter. @@ -3229,7 +3229,7 @@ fi # Define the identity of the package. PACKAGE='libgcrypt' - VERSION='1.7.6' + VERSION='1.7.7' cat >>confdefs.h <<_ACEOF @@ -3484,7 +3484,7 @@ cat >>confdefs.h <<_ACEOF #define VERSION "$VERSION" _ACEOF -VERSION_NUMBER=0x010706 +VERSION_NUMBER=0x010707 @@ -18712,7 +18712,7 @@ fi # # Provide information about the build. # -BUILD_REVISION="64e4808" +BUILD_REVISION="d9cebf5" cat >>confdefs.h <<_ACEOF @@ -18721,7 +18721,7 @@ _ACEOF BUILD_FILEVERSION=`echo "$VERSION" | sed 's/\([0-9.]*\).*/\1./;s/\./,/g'` -BUILD_FILEVERSION="${BUILD_FILEVERSION}25828" +BUILD_FILEVERSION="${BUILD_FILEVERSION}55758" # Check whether --enable-build-timestamp was given. @@ -19387,7 +19387,7 @@ cat >>$CONFIG_STATUS <<\_ACEOF || ac_write_fail=1 # report actual input values of CONFIG_FILES etc. instead of their # values after options handling. ac_log=" -This file was extended by libgcrypt $as_me 1.7.6, which was +This file was extended by libgcrypt $as_me 1.7.7, which was generated by GNU Autoconf 2.69. Invocation command line was CONFIG_FILES = $CONFIG_FILES @@ -19457,7 +19457,7 @@ _ACEOF cat >>$CONFIG_STATUS <<_ACEOF || ac_write_fail=1 ac_cs_config="`$as_echo "$ac_configure_args" | sed 's/^ //; s/[\\""\`\$]/\\\\&/g'`" ac_cs_version="\\ -libgcrypt config.status 1.7.6 +libgcrypt config.status 1.7.7 configured by $0, generated by GNU Autoconf 2.69, with options \\"\$ac_cs_config\\" diff --git a/configure.ac b/configure.ac index 487a1bc..b86c032 100644 --- a/configure.ac +++ b/configure.ac 
@@ -30,7 +30,7 @@ min_automake_version="1.14" # for the LT versions. m4_define(mym4_version_major, [1]) m4_define(mym4_version_minor, [7]) -m4_define(mym4_version_micro, [6]) +m4_define(mym4_version_micro, [7]) # Below is m4 magic to extract and compute the revision number, the # decimalized short revision number, a beta version string, and a flag @@ -56,7 +56,7 @@ AC_INIT([libgcrypt],[mym4_full_version],[http://bugs.gnupg.org]) # (No interfaces changed: REVISION++) LIBGCRYPT_LT_CURRENT=21 LIBGCRYPT_LT_AGE=1 -LIBGCRYPT_LT_REVISION=6 +LIBGCRYPT_LT_REVISION=7 # If the API is changed in an incompatible way: increment the next counter. diff --git a/doc/fips-fsm.eps b/doc/fips-fsm.eps index d2475a6..3fcc143 100644 --- a/doc/fips-fsm.eps +++ b/doc/fips-fsm.eps @@ -1,7 +1,7 @@ %!PS-Adobe-3.0 EPSF-3.0 -%%Title: /home/wk/s/libgcrypt/doc/fips-fsm.fig +%%Title: /home/wk/s/libgcrypt-1.7/doc/fips-fsm.fig %%Creator: fig2dev Version 3.2 Patchlevel 5e -%%CreationDate: Tue Jan 6 19:07:13 2015 +%%CreationDate: Thu Jun 1 16:17:17 2017 %%BoundingBox: 0 0 497 579 %Magnification: 1.0000 %%EndComments diff --git a/doc/fips-fsm.pdf b/doc/fips-fsm.pdf index 1ebd15b..e28b682 100644 Binary files a/doc/fips-fsm.pdf and b/doc/fips-fsm.pdf differ diff --git a/doc/gcrypt.info b/doc/gcrypt.info index decf3c3..3026b65 100644 --- a/doc/gcrypt.info +++ b/doc/gcrypt.info @@ -1,6 +1,6 @@ This is gcrypt.info, produced by makeinfo version 6.3 from gcrypt.texi. -This manual is for Libgcrypt (version 1.7.6, 18 January 2017), which is +This manual is for Libgcrypt (version 1.7.7, 2 June 2017), which is GNU's library of cryptographic building blocks. Copyright (C) 2000, 2002, 2003, 2004, 2006, 2007, 2008, 2009, 2011, 2012 
@@ -24,7 +24,7 @@ File: gcrypt.info, Node: Top, Next: Introduction, Up: (dir) The Libgcrypt Library ********************* -This manual is for Libgcrypt (version 1.7.6, 18 January 2017), which is +This manual is for Libgcrypt (version 1.7.7, 2 June 2017), which is GNU's library of cryptographic building blocks. Copyright (C) 2000, 2002, 2003, 2004, 2006, 2007, 2008, 2009, 2011, 2012 
@@ -7190,108 +7190,108 @@ Function and Data Index  Tag Table: -Node: Top832 -Node: Introduction3354 -Node: Getting Started3726 -Node: Features4606 -Node: Overview5390 -Node: Preparation6013 -Node: Header6936 -Node: Building sources8007 -Node: Building sources using Automake9924 -Node: Initializing the library11852 -Ref: sample-use-suspend-secmem14920 -Ref: sample-use-resume-secmem15763 -Node: Multi-Threading16666 -Ref: Multi-Threading-Footnote-117845 -Node: Enabling FIPS mode18254 -Ref: enabling fips mode18435 -Node: Hardware features20247 -Ref: hardware features20414 -Ref: Hardware features-Footnote-121481 -Node: Generalities21642 -Node: Controlling the library21901 -Node: Error Handling38869 -Node: Error Values41408 -Node: Error Sources46348 -Node: Error Codes48616 -Node: Error Strings52092 -Node: Handler Functions53276 -Node: Progress handler53835 -Node: Allocation handler55984 -Node: Error handler57530 -Node: Logging handler59096 -Node: Symmetric cryptography59688 -Node: Available ciphers60428 -Node: Available cipher modes63109 -Node: Working with cipher handles66112 -Node: General cipher functions77581 -Node: Public Key cryptography81107 -Node: Available algorithms81873 -Node: Used S-expressions82222 -Node: RSA key parameters83339 -Node: DSA key parameters84614 -Node: ECC key parameters85268 -Ref: ecc_keyparam85419 -Node: Cryptographic Functions87290 -Node: General public-key related Functions99109 -Node: Hashing112629 -Node: Available hash algorithms113362 -Node: Working with hash algorithms118149 -Node: Message Authentication Codes132102 -Node: Available MAC algorithms132770 -Node: Working with MAC algorithms137932 -Node: Key Derivation143920 -Node: Random Numbers146322 -Node: Quality of random numbers146605 -Node: Retrieving random numbers147288 -Node: S-expressions148777 -Node: Data types for S-expressions149422 -Node: Working with S-expressions149748 -Node: MPI library163413 -Node: Data types164435 -Node: Basic functions164744 -Node: MPI formats167208 
-Node: Calculations170732 -Node: Comparisons173001 -Node: Bit manipulations174004 -Node: EC functions175326 -Ref: gcry_mpi_ec_new178031 -Node: Miscellaneous183590 -Node: Prime numbers187734 -Node: Generation188004 -Node: Checking189291 -Node: Utilities189701 -Node: Memory allocation190013 -Node: Context management191369 -Ref: gcry_ctx_release191807 -Node: Buffer description191968 -Node: Tools192730 -Node: hmac256192897 -Node: Configuration193903 -Node: Architecture196089 -Ref: fig:subsystems197613 -Ref: Architecture-Footnote-1198699 -Ref: Architecture-Footnote-2198761 -Node: Public-Key Subsystem Architecture198845 -Node: Symmetric Encryption Subsystem Architecture201123 -Node: Hashing and MACing Subsystem Architecture202569 -Node: Multi-Precision-Integer Subsystem Architecture204492 -Node: Prime-Number-Generator Subsystem Architecture205930 -Ref: Prime-Number-Generator Subsystem Architecture-Footnote-1207861 -Node: Random-Number Subsystem Architecture208153 -Node: CSPRNG Description210677 -Ref: CSPRNG Description-Footnote-1212233 -Node: FIPS PRNG Description212356 -Node: Self-Tests214490 -Node: FIPS Mode225949 -Ref: fig:fips-fsm229775 -Ref: tbl:fips-states229878 -Ref: tbl:fips-state-transitions231130 -Node: Library Copying234751 -Node: Copying262857 -Node: Figures and Tables282033 -Node: Concept Index282458 -Node: Function and Data Index293055 +Node: Top828 +Node: Introduction3346 +Node: Getting Started3718 +Node: Features4598 +Node: Overview5382 +Node: Preparation6005 +Node: Header6928 +Node: Building sources7999 +Node: Building sources using Automake9916 +Node: Initializing the library11844 +Ref: sample-use-suspend-secmem14912 +Ref: sample-use-resume-secmem15755 +Node: Multi-Threading16658 +Ref: Multi-Threading-Footnote-117837 +Node: Enabling FIPS mode18246 +Ref: enabling fips mode18427 +Node: Hardware features20239 +Ref: hardware features20406 +Ref: Hardware features-Footnote-121473 +Node: Generalities21634 +Node: Controlling the library21893 +Node: Error 
Handling38861 +Node: Error Values41400 +Node: Error Sources46340 +Node: Error Codes48608 +Node: Error Strings52084 +Node: Handler Functions53268 +Node: Progress handler53827 +Node: Allocation handler55976 +Node: Error handler57522 +Node: Logging handler59088 +Node: Symmetric cryptography59680 +Node: Available ciphers60420 +Node: Available cipher modes63101 +Node: Working with cipher handles66104 +Node: General cipher functions77573 +Node: Public Key cryptography81099 +Node: Available algorithms81865 +Node: Used S-expressions82214 +Node: RSA key parameters83331 +Node: DSA key parameters84606 +Node: ECC key parameters85260 +Ref: ecc_keyparam85411 +Node: Cryptographic Functions87282 +Node: General public-key related Functions99101 +Node: Hashing112621 +Node: Available hash algorithms113354 +Node: Working with hash algorithms118141 +Node: Message Authentication Codes132094 +Node: Available MAC algorithms132762 +Node: Working with MAC algorithms137924 +Node: Key Derivation143912 +Node: Random Numbers146314 +Node: Quality of random numbers146597 +Node: Retrieving random numbers147280 +Node: S-expressions148769 +Node: Data types for S-expressions149414 +Node: Working with S-expressions149740 +Node: MPI library163405 +Node: Data types164427 +Node: Basic functions164736 +Node: MPI formats167200 +Node: Calculations170724 +Node: Comparisons172993 +Node: Bit manipulations173996 +Node: EC functions175318 +Ref: gcry_mpi_ec_new178023 +Node: Miscellaneous183582 +Node: Prime numbers187726 +Node: Generation187996 +Node: Checking189283 +Node: Utilities189693 +Node: Memory allocation190005 +Node: Context management191361 +Ref: gcry_ctx_release191799 +Node: Buffer description191960 +Node: Tools192722 +Node: hmac256192889 +Node: Configuration193895 +Node: Architecture196081 +Ref: fig:subsystems197605 +Ref: Architecture-Footnote-1198691 +Ref: Architecture-Footnote-2198753 +Node: Public-Key Subsystem Architecture198837 +Node: Symmetric Encryption Subsystem Architecture201115 +Node: 
Hashing and MACing Subsystem Architecture202561 +Node: Multi-Precision-Integer Subsystem Architecture204484 +Node: Prime-Number-Generator Subsystem Architecture205922 +Ref: Prime-Number-Generator Subsystem Architecture-Footnote-1207853 +Node: Random-Number Subsystem Architecture208145 +Node: CSPRNG Description210669 +Ref: CSPRNG Description-Footnote-1212225 +Node: FIPS PRNG Description212348 +Node: Self-Tests214482 +Node: FIPS Mode225941 +Ref: fig:fips-fsm229767 +Ref: tbl:fips-states229870 +Ref: tbl:fips-state-transitions231122 +Node: Library Copying234743 +Node: Copying262849 +Node: Figures and Tables282025 +Node: Concept Index282450 +Node: Function and Data Index293047  End Tag Table diff --git a/doc/libgcrypt-modules.eps b/doc/libgcrypt-modules.eps index d33ce9f..5d6e03d 100644 --- a/doc/libgcrypt-modules.eps +++ b/doc/libgcrypt-modules.eps @@ -1,7 +1,7 @@ %!PS-Adobe-3.0 EPSF-3.0 -%%Title: /home/wk/s/libgcrypt/doc/libgcrypt-modules.fig +%%Title: /home/wk/s/libgcrypt-1.7/doc/libgcrypt-modules.fig %%Creator: fig2dev Version 3.2 Patchlevel 5e -%%CreationDate: Tue Jan 6 19:07:13 2015 +%%CreationDate: Thu Jun 1 16:17:17 2017 %%BoundingBox: 0 0 488 300 %Magnification: 1.0000 %%EndComments diff --git a/doc/libgcrypt-modules.pdf b/doc/libgcrypt-modules.pdf index d340c9e..b8a41bc 100644 Binary files a/doc/libgcrypt-modules.pdf and b/doc/libgcrypt-modules.pdf differ diff --git a/doc/stamp-vti b/doc/stamp-vti index ce113f3..133b4b6 100644 --- a/doc/stamp-vti +++ b/doc/stamp-vti @@ -1,4 +1,4 @@ -@set UPDATED 18 January 2017 -@set UPDATED-MONTH January 2017 -@set EDITION 1.7.6 -@set VERSION 1.7.6 +@set UPDATED 2 June 2017 +@set UPDATED-MONTH June 2017 +@set EDITION 1.7.7 +@set VERSION 1.7.7 diff --git a/doc/version.texi b/doc/version.texi index ce113f3..133b4b6 100644 --- a/doc/version.texi +++ b/doc/version.texi 
@@ -1,4 +1,4 @@ -@set UPDATED 18 January 2017 -@set UPDATED-MONTH January 2017 -@set EDITION 1.7.6 -@set VERSION 1.7.6 +@set UPDATED 2 June 2017 +@set UPDATED-MONTH June 2017 +@set EDITION 1.7.7 +@set VERSION 1.7.7 diff --git a/mpi/aarch64/distfiles b/mpi/aarch64/distfiles new file mode 100644 index 0000000..1327bd4 --- /dev/null +++ b/mpi/aarch64/distfiles @@ -0,0 +1,6 @@ +mpih-add1.S +mpih-mul1.S +mpih-mul2.S +mpih-mul3.S +mpih-sub1.S +mpi-asm-defs.h diff --git a/mpi/aarch64/mpi-asm-defs.h b/mpi/aarch64/mpi-asm-defs.h new file mode 100644 index 0000000..6519065 --- /dev/null +++ b/mpi/aarch64/mpi-asm-defs.h @@ -0,0 +1,4 @@ +/* This file defines some basic constants for the MPI machinery. We + * need to define the types on a per-CPU basis, so it is done with + * this file here. */ +#define BYTES_PER_MPI_LIMB (SIZEOF_UNSIGNED_LONG_LONG) diff --git a/mpi/aarch64/mpih-add1.S b/mpi/aarch64/mpih-add1.S new file mode 100644 index 0000000..fa8cd01 --- /dev/null +++ b/mpi/aarch64/mpih-add1.S 
@@ -0,0 +1,71 @@ +/* ARM64 add_n -- Add two limb vectors of the same length > 0 and store + * sum in a third limb vector. + * + * Copyright (C) 2013 Jussi Kivilinna + * + * This file is part of Libgcrypt. + * + * Libgcrypt is free software; you can redistribute it and/or modify + * it under the terms of the GNU Lesser General Public License as + * published by the Free Software Foundation; either version 2.1 of + * the License, or (at your option) any later version. + * + * Libgcrypt is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU Lesser General Public License for more details. + * + * You should have received a copy of the GNU Lesser General Public + * License along with this program; if not, see . + * + */ + +#include "sysdep.h" +#include "asm-syntax.h" + +/******************* + * mpi_limb_t + * _gcry_mpih_add_n( mpi_ptr_t res_ptr, x0 + * mpi_ptr_t s1_ptr, x1 + * mpi_ptr_t s2_ptr, x2 + * mpi_size_t size) x3 + */ + +.text + +.globl _gcry_mpih_add_n +.type _gcry_mpih_add_n,%function +_gcry_mpih_add_n: + and x5, x3, #3; + adds xzr, xzr, xzr; /* clear carry flag */ + + cbz x5, .Large_loop; + +.Loop: + ldr x4, [x1], #8; + sub x3, x3, #1; + ldr x11, [x2], #8; + and x5, x3, #3; + adcs x4, x4, x11; + str x4, [x0], #8; + cbz x3, .Lend; + cbnz x5, .Loop; + +.Large_loop: + ldp x4, x6, [x1], #16; + ldp x5, x7, [x2], #16; + ldp x8, x10, [x1], #16; + ldp x9, x11, [x2], #16; + sub x3, x3, #4; + adcs x4, x4, x5; + adcs x6, x6, x7; + adcs x8, x8, x9; + adcs x10, x10, x11; + stp x4, x6, [x0], #16; + stp x8, x10, [x0], #16; + cbnz x3, .Large_loop; + +.Lend: + adc x0, xzr, xzr; + ret; +.size _gcry_mpih_add_n,.-_gcry_mpih_add_n; diff --git a/mpi/aarch64/mpih-mul1.S b/mpi/aarch64/mpih-mul1.S new file mode 100644 index 0000000..65e98fe --- /dev/null +++ b/mpi/aarch64/mpih-mul1.S 
@@ -0,0 +1,96 @@ +/* ARM64 mul_1 -- Multiply a limb vector with a limb and store the result in + * a second limb vector. + * + * Copyright (C) 2013 Jussi Kivilinna + * + * This file is part of Libgcrypt. + * + * Libgcrypt is free software; you can redistribute it and/or modify + * it under the terms of the GNU Lesser General Public License as + * published by the Free Software Foundation; either version 2.1 of + * the License, or (at your option) any later version. + * + * Libgcrypt is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU Lesser General Public License for more details. + * + * You should have received a copy of the GNU Lesser General Public + * License along with this program; if not, see . + * + */ + +#include "sysdep.h" +#include "asm-syntax.h" + +/******************* + * mpi_limb_t + * _gcry_mpih_mul_1( mpi_ptr_t res_ptr, x0 + * mpi_ptr_t s1_ptr, x1 + * mpi_size_t s1_size, x2 + * mpi_limb_t s2_limb) x3 + */ + +.text + +.globl _gcry_mpih_mul_1 +.type _gcry_mpih_mul_1,%function +_gcry_mpih_mul_1: + and x5, x2, #3; + mov x4, xzr; + + cbz x5, .Large_loop; + +.Loop: + ldr x5, [x1], #8; + sub x2, x2, #1; + mul x9, x5, x3; + umulh x10, x5, x3; + and x5, x2, #3; + adds x4, x4, x9; + str x4, [x0], #8; + adc x4, x10, xzr; + + cbz x2, .Lend; + cbnz x5, .Loop; + +.Large_loop: + ldp x5, x6, [x1]; + sub x2, x2, #4; + + mul x9, x5, x3; + ldp x7, x8, [x1, #16]; + umulh x10, x5, x3; + add x1, x1, #32; + + adds x4, x4, x9; + str x4, [x0], #8; + mul x11, x6, x3; + adc x4, x10, xzr; + + umulh x12, x6, x3; + + adds x4, x4, x11; + str x4, [x0], #8; + mul x13, x7, x3; + adc x4, x12, xzr; + + umulh x14, x7, x3; + + adds x4, x4, x13; + str x4, [x0], #8; + mul x15, x8, x3; + adc x4, x14, xzr; + + umulh x16, x8, x3; + + adds x4, x4, x15; + str x4, [x0], #8; + adc x4, x16, xzr; + + cbnz x2, .Large_loop; + +.Lend: + mov x0, x4; + ret; +.size 
_gcry_mpih_mul_1,.-_gcry_mpih_mul_1; diff --git a/mpi/aarch64/mpih-mul2.S b/mpi/aarch64/mpih-mul2.S new file mode 100644 index 0000000..bd3b2c9 --- /dev/null +++ b/mpi/aarch64/mpih-mul2.S 
@@ -0,0 +1,108 @@ +/* ARM64 mul_2 -- Multiply a limb vector with a limb and add the result to + * a second limb vector. + * + * Copyright (C) 2013 Jussi Kivilinna + * + * This file is part of Libgcrypt. + * + * Libgcrypt is free software; you can redistribute it and/or modify + * it under the terms of the GNU Lesser General Public License as + * published by the Free Software Foundation; either version 2.1 of + * the License, or (at your option) any later version. + * + * Libgcrypt is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU Lesser General Public License for more details. + * + * You should have received a copy of the GNU Lesser General Public + * License along with this program; if not, see . + * + */ + +#include "sysdep.h" +#include "asm-syntax.h" + +/******************* + * mpi_limb_t + * _gcry_mpih_addmul_1( mpi_ptr_t res_ptr, x0 + * mpi_ptr_t s1_ptr, x1 + * mpi_size_t s1_size, x2 + * mpi_limb_t s2_limb) x3 + */ + +.text + +.globl _gcry_mpih_addmul_1 +.type _gcry_mpih_addmul_1,%function +_gcry_mpih_addmul_1: + and x5, x2, #3; + mov x6, xzr; + mov x7, xzr; + + cbz x5, .Large_loop; + +.Loop: + ldr x5, [x1], #8; + + mul x12, x5, x3; + ldr x4, [x0]; + umulh x13, x5, x3; + sub x2, x2, #1; + + adds x12, x12, x4; + and x5, x2, #3; + adc x13, x13, x7; + adds x12, x12, x6; + str x12, [x0], #8; + adc x6, x7, x13; + + cbz x2, .Lend; + cbnz x5, .Loop; + +.Large_loop: + ldp x5, x9, [x1], #16; + sub x2, x2, #4; + ldp x4, x8, [x0]; + + mul x12, x5, x3; + umulh x13, x5, x3; + + adds x12, x12, x4; + mul x14, x9, x3; + adc x13, x13, x7; + adds x12, x12, x6; + umulh x15, x9, x3; + str x12, [x0], #8; + adc x6, x7, x13; + + adds x14, x14, x8; + ldp x5, x9, [x1], #16; + adc x15, x15, x7; + adds x14, x14, x6; + mul x12, x5, x3; + str x14, [x0], #8; + ldp x4, x8, [x0]; + umulh x13, x5, x3; + adc x6, x7, x15; + + adds x12, x12, x4; + mul 
x14, x9, x3; + adc x13, x13, x7; + adds x12, x12, x6; + umulh x15, x9, x3; + str x12, [x0], #8; + adc x6, x7, x13; + + adds x14, x14, x8; + adc x15, x15, x7; + adds x14, x14, x6; + str x14, [x0], #8; + adc x6, x7, x15; + + cbnz x2, .Large_loop; + +.Lend: + mov x0, x6; + ret; +.size _gcry_mpih_addmul_1,.-_gcry_mpih_addmul_1; diff --git a/mpi/aarch64/mpih-mul3.S b/mpi/aarch64/mpih-mul3.S new file mode 100644 index 0000000..a58bc53 --- /dev/null +++ b/mpi/aarch64/mpih-mul3.S 
@@ -0,0 +1,121 @@ +/* ARM mul_3 -- Multiply a limb vector with a limb and subtract the result + * from a second limb vector. + * + * Copyright (C) 2013 Jussi Kivilinna + * + * This file is part of Libgcrypt. + * + * Libgcrypt is free software; you can redistribute it and/or modify + * it under the terms of the GNU Lesser General Public License as + * published by the Free Software Foundation; either version 2.1 of + * the License, or (at your option) any later version. + * + * Libgcrypt is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU Lesser General Public License for more details. + * + * You should have received a copy of the GNU Lesser General Public + * License along with this program; if not, see . + * + */ + +#include "sysdep.h" +#include "asm-syntax.h" + +/******************* + * mpi_limb_t + * _gcry_mpih_submul_1( mpi_ptr_t res_ptr, x0 + * mpi_ptr_t s1_ptr, x1 + * mpi_size_t s1_size, x2 + * mpi_limb_t s2_limb) x3 + */ + +.text + +.globl _gcry_mpih_submul_1 +.type _gcry_mpih_submul_1,%function +_gcry_mpih_submul_1: + and x5, x2, #3; + mov x7, xzr; + cbz x5, .Large_loop; + + subs xzr, xzr, xzr; + +.Loop: + ldr x4, [x1], #8; + cinc x7, x7, cc; + ldr x5, [x0]; + sub x2, x2, #1; + + mul x6, x4, x3; + subs x5, x5, x7; + umulh x4, x4, x3; + and x10, x2, #3; + + cset x7, cc; + subs x5, x5, x6; + add x7, x7, x4; + str x5, [x0], #8; + + cbz x2, .Loop_end; + cbnz x10, .Loop; + + cinc x7, x7, cc; + +.Large_loop: + ldp x4, x8, [x1], #16; + sub x2, x2, #4; + ldp x5, x9, [x0]; + + mul x6, x4, x3; + subs x5, x5, x7; + umulh x4, x4, x3; + + cset x7, cc; + subs x5, x5, x6; + mul x6, x8, x3; + add x7, x7, x4; + str x5, [x0], #8; + cinc x7, x7, cc; + + umulh x8, x8, x3; + + subs x9, x9, x7; + cset x7, cc; + subs x9, x9, x6; + ldp x4, x10, [x1], #16; + str x9, [x0], #8; + add x7, x7, x8; + ldp x5, x9, [x0]; + cinc x7, x7, cc; + + mul x6, 
x4, x3; + subs x5, x5, x7; + umulh x4, x4, x3; + + cset x7, cc; + subs x5, x5, x6; + mul x6, x10, x3; + add x7, x7, x4; + str x5, [x0], #8; + cinc x7, x7, cc; + + umulh x10, x10, x3; + + subs x9, x9, x7; + cset x7, cc; + subs x9, x9, x6; + add x7, x7, x10; + str x9, [x0], #8; + cinc x7, x7, cc; + + cbnz x2, .Large_loop; + + mov x0, x7; + ret; + +.Loop_end: + cinc x0, x7, cc; + ret; +.size _gcry_mpih_submul_1,.-_gcry_mpih_submul_1; diff --git a/mpi/aarch64/mpih-sub1.S b/mpi/aarch64/mpih-sub1.S new file mode 100644 index 0000000..cbf2f08 --- /dev/null +++ b/mpi/aarch64/mpih-sub1.S 
@@ -0,0 +1,71 @@ +/* ARM64 sub_n -- Subtract two limb vectors of the same length > 0 and store + * sum in a third limb vector. + * + * Copyright (C) 2013 Jussi Kivilinna + * + * This file is part of Libgcrypt. + * + * Libgcrypt is free software; you can redistribute it and/or modify + * it under the terms of the GNU Lesser General Public License as + * published by the Free Software Foundation; either version 2.1 of + * the License, or (at your option) any later version. + * + * Libgcrypt is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU Lesser General Public License for more details. + * + * You should have received a copy of the GNU Lesser General Public + * License along with this program; if not, see . + * + */ + +#include "sysdep.h" +#include "asm-syntax.h" + +/******************* + * mpi_limb_t + * _gcry_mpih_sub_n( mpi_ptr_t res_ptr, x0 + * mpi_ptr_t s1_ptr, x1 + * mpi_ptr_t s2_ptr, x2 + * mpi_size_t size) x3 + */ + +.text + +.globl _gcry_mpih_sub_n +.type _gcry_mpih_sub_n,%function +_gcry_mpih_sub_n: + and x5, x3, #3; + subs xzr, xzr, xzr; /* prepare carry flag for sub */ + + cbz x5, .Large_loop; + +.Loop: + ldr x4, [x1], #8; + sub x3, x3, #1; + ldr x11, [x2], #8; + and x5, x3, #3; + sbcs x4, x4, x11; + str x4, [x0], #8; + cbz x3, .Lend; + cbnz x5, .Loop; + +.Large_loop: + ldp x4, x6, [x1], #16; + ldp x5, x7, [x2], #16; + ldp x8, x10, [x1], #16; + ldp x9, x11, [x2], #16; + sub x3, x3, #4; + sbcs x4, x4, x5; + sbcs x6, x6, x7; + sbcs x8, x8, x9; + sbcs x10, x10, x11; + stp x4, x6, [x0], #16; + stp x8, x10, [x0], #16; + cbnz x3, .Large_loop; + +.Lend: + cset x0, cc; + ret; +.size _gcry_mpih_sub_n,.-_gcry_mpih_sub_n; diff --git a/mpi/amd64/distfiles b/mpi/amd64/distfiles index e7f92c8..44aad5f 100644 --- a/mpi/amd64/distfiles +++ b/mpi/amd64/distfiles 
@@ -6,3 +6,4 @@ mpih-mul2.S mpih-mul3.S mpih-rshift.S mpih-sub1.S +mpi-asm-defs.h diff --git a/mpi/amd64/mpi-asm-defs.h b/mpi/amd64/mpi-asm-defs.h new file mode 100644 index 0000000..6519065 --- /dev/null +++ b/mpi/amd64/mpi-asm-defs.h @@ -0,0 +1,4 @@ +/* This file defines some basic constants for the MPI machinery. We + * need to define the types on a per-CPU basis, so it is done with + * this file here. */ +#define BYTES_PER_MPI_LIMB (SIZEOF_UNSIGNED_LONG_LONG) diff --git a/mpi/arm/distfiles b/mpi/arm/distfiles new file mode 100644 index 0000000..27a2ca5 --- /dev/null +++ b/mpi/arm/distfiles @@ -0,0 +1,6 @@ +mpi-asm-defs.h +mpih-add1.S +mpih-mul1.S +mpih-mul2.S +mpih-mul3.S +mpih-sub1.S diff --git a/mpi/arm/mpi-asm-defs.h b/mpi/arm/mpi-asm-defs.h new file mode 100644 index 0000000..047d1f5 --- /dev/null +++ b/mpi/arm/mpi-asm-defs.h @@ -0,0 +1,4 @@ +/* This file defines some basic constants for the MPI machinery. We + * need to define the types on a per-CPU basis, so it is done with + * this file here. */ +#define BYTES_PER_MPI_LIMB (SIZEOF_UNSIGNED_LONG) diff --git a/mpi/arm/mpih-add1.S b/mpi/arm/mpih-add1.S new file mode 100644 index 0000000..09e8b3b --- /dev/null +++ b/mpi/arm/mpih-add1.S 
@@ -0,0 +1,76 @@ +/* ARM add_n -- Add two limb vectors of the same length > 0 and store + * sum in a third limb vector. + * + * Copyright (C) 2013 Jussi Kivilinna + * + * This file is part of Libgcrypt. + * + * Libgcrypt is free software; you can redistribute it and/or modify + * it under the terms of the GNU Lesser General Public License as + * published by the Free Software Foundation; either version 2.1 of + * the License, or (at your option) any later version. + * + * Libgcrypt is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU Lesser General Public License for more details. + * + * You should have received a copy of the GNU Lesser General Public + * License along with this program; if not, see . + * + * Note: This code is heavily based on the GNU MP Library (version 4.2.1). + */ + +#include "sysdep.h" +#include "asm-syntax.h" + +.syntax unified +.arm + +/******************* + * mpi_limb_t + * _gcry_mpih_add_n( mpi_ptr_t res_ptr, %r0 + * mpi_ptr_t s1_ptr, %r1 + * mpi_ptr_t s2_ptr, %r2 + * mpi_size_t size) %r3 + */ + +.text + +.globl _gcry_mpih_add_n +.type _gcry_mpih_add_n,%function +_gcry_mpih_add_n: + push {%r4, %r5, %r6, %r7, %r8, %r9, %r10, %lr}; + cmn %r0, #0; /* clear carry flag */ + + tst %r3, #3; + beq .Large_loop; + +.Loop: + ldr %r4, [%r1], #4; + sub %r3, #1; + ldr %lr, [%r2], #4; + adcs %r4, %lr; + tst %r3, #3; + str %r4, [%r0], #4; + bne .Loop; + + teq %r3, #0; + beq .Lend; + +.Large_loop: + ldm %r1!, {%r4, %r6, %r8, %r10}; + ldm %r2!, {%r5, %r7, %r9, %lr}; + sub %r3, #4; + adcs %r4, %r5; + adcs %r6, %r7; + adcs %r8, %r9; + adcs %r10, %lr; + teq %r3, #0; + stm %r0!, {%r4, %r6, %r8, %r10}; + bne .Large_loop; + +.Lend: + adc %r0, %r3, #0; + pop {%r4, %r5, %r6, %r7, %r8, %r9, %r10, %pc}; +.size _gcry_mpih_add_n,.-_gcry_mpih_add_n; 
diff --git a/mpi/arm/mpih-mul1.S b/mpi/arm/mpih-mul1.S new file mode 100644 index 0000000..c2e2854 --- /dev/null +++ b/mpi/arm/mpih-mul1.S 
@@ -0,0 +1,80 @@ +/* ARM mul_1 -- Multiply a limb vector with a limb and store the result in + * a second limb vector. + * + * Copyright (C) 2013 Jussi Kivilinna + * + * This file is part of Libgcrypt. + * + * Libgcrypt is free software; you can redistribute it and/or modify + * it under the terms of the GNU Lesser General Public License as + * published by the Free Software Foundation; either version 2.1 of + * the License, or (at your option) any later version. + * + * Libgcrypt is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU Lesser General Public License for more details. + * + * You should have received a copy of the GNU Lesser General Public + * License along with this program; if not, see . + * + * Note: This code is heavily based on the GNU MP Library (version 4.2.1). + */ + +#include "sysdep.h" +#include "asm-syntax.h" + +.syntax unified +.arm + +/******************* + * mpi_limb_t + * _gcry_mpih_mul_1( mpi_ptr_t res_ptr, %r0 + * mpi_ptr_t s1_ptr, %r1 + * mpi_size_t s1_size, %r2 + * mpi_limb_t s2_limb) %r3 + */ + +.text + +.globl _gcry_mpih_mul_1 +.type _gcry_mpih_mul_1,%function +_gcry_mpih_mul_1: + push {%r4, %r5, %r6, %r7, %r8, %r9, %r10, %r11, %lr}; + mov %r4, #0; + + tst %r2, #3; + beq .Large_loop; + +.Loop: + ldr %r5, [%r1], #4; + mov %lr, #0; + umlal %r4, %lr, %r5, %r3; + sub %r2, #1; + str %r4, [%r0], #4; + tst %r2, #3; + mov %r4, %lr; + bne .Loop; + + teq %r2, #0; + beq .Lend; + +.Large_loop: + ldm %r1!, {%r5, %r6, %r7, %r8}; + mov %r9, #0; + mov %r10, #0; + umlal %r4, %r9, %r5, %r3; + mov %r11, #0; + umlal %r9, %r10, %r6, %r3; + str %r4, [%r0], #4; + mov %r4, #0; + umlal %r10, %r11, %r7, %r3; + subs %r2, #4; + umlal %r11, %r4, %r8, %r3; + stm %r0!, {%r9, %r10, %r11}; + bne .Large_loop; + +.Lend: + mov %r0, %r4; + pop {%r4, %r5, %r6, %r7, %r8, %r9, %r10, %r11, %pc}; +.size 
_gcry_mpih_mul_1,.-_gcry_mpih_mul_1; diff --git a/mpi/arm/mpih-mul2.S b/mpi/arm/mpih-mul2.S new file mode 100644 index 0000000..bce932e --- /dev/null +++ b/mpi/arm/mpih-mul2.S 
@@ -0,0 +1,94 @@ +/* ARM mul_2 -- Multiply a limb vector with a limb and add the result to + * a second limb vector. + * + * Copyright (C) 2013 Jussi Kivilinna + * + * This file is part of Libgcrypt. + * + * Libgcrypt is free software; you can redistribute it and/or modify + * it under the terms of the GNU Lesser General Public License as + * published by the Free Software Foundation; either version 2.1 of + * the License, or (at your option) any later version. + * + * Libgcrypt is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU Lesser General Public License for more details. + * + * You should have received a copy of the GNU Lesser General Public + * License along with this program; if not, see . + * + * Note: This code is heavily based on the GNU MP Library (version 4.2.1). + */ + +#include "sysdep.h" +#include "asm-syntax.h" + +.syntax unified +.arm + +/******************* + * mpi_limb_t + * _gcry_mpih_addmul_1( mpi_ptr_t res_ptr, %r0 + * mpi_ptr_t s1_ptr, %r1 + * mpi_size_t s1_size, %r2 + * mpi_limb_t s2_limb) %r3 + */ + +.text + +.globl _gcry_mpih_addmul_1 +.type _gcry_mpih_addmul_1,%function +_gcry_mpih_addmul_1: + push {%r4, %r5, %r6, %r8, %r10, %lr}; + mov %lr, #0; + cmn %r0, #0; /* clear carry flag */ + + tst %r2, #3; + beq .Large_loop; +.Loop: + ldr %r5, [%r1], #4; + ldr %r4, [%r0]; + sub %r2, #1; + adcs %r4, %lr; + mov %lr, #0; + umlal %r4, %lr, %r5, %r3; + tst %r2, #3; + str %r4, [%r0], #4; + bne .Loop; + + teq %r2, #0; + beq .Lend; + +.Large_loop: + ldr %r5, [%r1], #4; + ldm %r0, {%r4, %r6, %r8, %r10}; + + sub %r2, #4; + adcs %r4, %lr; + mov %lr, #0; + umlal %r4, %lr, %r5, %r3; + + ldr %r5, [%r1], #4; + adcs %r6, %lr; + mov %lr, #0; + umlal %r6, %lr, %r5, %r3; + + ldr %r5, [%r1], #4; + adcs %r8, %lr; + mov %lr, #0; + umlal %r8, %lr, %r5, %r3; + + ldr %r5, [%r1], #4; + adcs %r10, %lr; + mov %lr, #0; + umlal %r10, 
%lr, %r5, %r3; + + teq %r2, #0; + stm %r0!, {%r4, %r6, %r8, %r10}; + bne .Large_loop; + +.Lend: + adc %r0, %lr, #0; + pop {%r4, %r5, %r6, %r8, %r10, %pc}; +.size _gcry_mpih_addmul_1,.-_gcry_mpih_addmul_1; diff --git a/mpi/arm/mpih-mul3.S b/mpi/arm/mpih-mul3.S new file mode 100644 index 0000000..33326c7 --- /dev/null +++ b/mpi/arm/mpih-mul3.S 
@@ -0,0 +1,100 @@ +/* ARM mul_3 -- Multiply a limb vector with a limb and subtract the result + * from a second limb vector. + * + * Copyright (C) 2013 Jussi Kivilinna + * + * This file is part of Libgcrypt. + * + * Libgcrypt is free software; you can redistribute it and/or modify + * it under the terms of the GNU Lesser General Public License as + * published by the Free Software Foundation; either version 2.1 of + * the License, or (at your option) any later version. + * + * Libgcrypt is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU Lesser General Public License for more details. + * + * You should have received a copy of the GNU Lesser General Public + * License along with this program; if not, see . + * + * Note: This code is heavily based on the GNU MP Library (version 4.2.1). + */ + +#include "sysdep.h" +#include "asm-syntax.h" + +.syntax unified +.arm + +/******************* + * mpi_limb_t + * _gcry_mpih_submul_1( mpi_ptr_t res_ptr, %r0 + * mpi_ptr_t s1_ptr, %r1 + * mpi_size_t s1_size, %r2 + * mpi_limb_t s2_limb) %r3 + */ + +.text + +.globl _gcry_mpih_submul_1 +.type _gcry_mpih_submul_1,%function +_gcry_mpih_submul_1: + push {%r4, %r5, %r6, %r8, %r9, %r10, %lr}; + mov %lr, #0; + cmp %r0, #0; /* prepare carry flag for sbc */ + + tst %r2, #3; + beq .Large_loop; +.Loop: + ldr %r5, [%r1], #4; + mov %r4, %lr; + mov %lr, #0; + ldr %r6, [%r0]; + umlal %r4, %lr, %r5, %r3; + sub %r2, #1; + sbcs %r4, %r6, %r4; + tst %r2, #3; + str %r4, [%r0], #4; + bne .Loop; + + teq %r2, #0; + beq .Lend; + +.Large_loop: + ldr %r5, [%r1], #4; + mov %r9, #0; + ldr %r4, [%r0, #0]; + + umlal %lr, %r9, %r5, %r3; + ldr %r6, [%r0, #4]; + ldr %r5, [%r1], #4; + sbcs %r4, %r4, %lr; + + mov %lr, #0; + umlal %r9, %lr, %r5, %r3; + ldr %r8, [%r0, #8]; + ldr %r5, [%r1], #4; + sbcs %r6, %r6, %r9; + + mov %r9, #0; + umlal %lr, %r9, %r5, %r3; + ldr %r10, [%r0, 
#12]; + ldr %r5, [%r1], #4; + sbcs %r8, %r8, %lr; + + mov %lr, #0; + umlal %r9, %lr, %r5, %r3; + sub %r2, #4; + sbcs %r10, %r10, %r9; + + teq %r2, #0; + stm %r0!, {%r4, %r6, %r8, %r10}; + bne .Large_loop; + +.Lend: + it cc + movcc %r2, #1; + add %r0, %lr, %r2; + pop {%r4, %r5, %r6, %r8, %r9, %r10, %pc}; +.size _gcry_mpih_submul_1,.-_gcry_mpih_submul_1; diff --git a/mpi/arm/mpih-sub1.S b/mpi/arm/mpih-sub1.S new file mode 100644 index 0000000..593e3cd --- /dev/null +++ b/mpi/arm/mpih-sub1.S 
@@ -0,0 +1,77 @@ +/* ARM sub_n -- Subtract two limb vectors of the same length > 0 and store + * sum in a third limb vector. + * + * Copyright (C) 2013 Jussi Kivilinna + * + * This file is part of Libgcrypt. + * + * Libgcrypt is free software; you can redistribute it and/or modify + * it under the terms of the GNU Lesser General Public License as + * published by the Free Software Foundation; either version 2.1 of + * the License, or (at your option) any later version. + * + * Libgcrypt is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU Lesser General Public License for more details. + * + * You should have received a copy of the GNU Lesser General Public + * License along with this program; if not, see . + * + * Note: This code is heavily based on the GNU MP Library (version 4.2.1). + */ + +#include "sysdep.h" +#include "asm-syntax.h" + +.syntax unified +.arm + +/******************* + * mpi_limb_t + * _gcry_mpih_sub_n( mpi_ptr_t res_ptr, %r0 + * mpi_ptr_t s1_ptr, %r1 + * mpi_ptr_t s2_ptr, %r2 + * mpi_size_t size) %r3 + */ + +.text + +.globl _gcry_mpih_sub_n +.type _gcry_mpih_sub_n,%function +_gcry_mpih_sub_n: + push {%r4, %r5, %r6, %r7, %r8, %r9, %r10, %lr}; + cmp %r0, #0; /* prepare carry flag for sub */ + + tst %r3, #3; + beq .Large_loop; + +.Loop: + ldr %r4, [%r1], #4; + sub %r3, #1; + ldr %lr, [%r2], #4; + sbcs %r4, %lr; + tst %r3, #3; + str %r4, [%r0], #4; + bne .Loop; + + teq %r3, #0; + beq .Lend; + +.Large_loop: + ldm %r1!, {%r4, %r6, %r8, %r10}; + sub %r3, #4; + ldm %r2!, {%r5, %r7, %r9, %lr}; + sbcs %r4, %r5; + sbcs %r6, %r7; + sbcs %r8, %r9; + sbcs %r10, %lr; + teq %r3, #0; + stm %r0!, {%r4, %r6, %r8, %r10}; + bne .Large_loop; + +.Lend: + sbc %r0, %r3, #0; + neg %r0, %r0; + pop {%r4, %r5, %r6, %r7, %r8, %r9, %r10, %pc}; +.size _gcry_mpih_sub_n,.-_gcry_mpih_sub_n; 
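Review bot: The header comment of mpi/arm/mpih-sub1.S says "Subtract two limb vectors of the same length > 0 and store sum in a third limb vector"; this is sub_n, so it stores the difference, not the sum. Please fix the wording (the mul3 header gets it right: "subtract the result from a second limb vector"). While touching the comments, it is worth stating explicitly that the routine keeps the borrow in the carry flag across the whole loop: `cmp %r0, #0` seeds C=1 (no borrow), and the interleaved `sub %r3, #1`, `tst %r3, #3` and `teq %r3, #0` only work because non-flag-setting `sub` leaves C alone and `tst`/`teq` with an unrotated immediate do not update C. The final `sbc %r0, %r3, #0; neg %r0, %r0` (r3 is 0 here) turns C into 0/1 correctly, but a one-line comment on the flag dependence would save the next person from "fixing" the loop counter into `subs` and silently corrupting the borrow chain.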
diff --git a/mpi/ec.c b/mpi/ec.c index 26dd947..3ac0547 100644 --- a/mpi/ec.c +++ b/mpi/ec.c @@ -1255,7 +1255,12 @@ _gcry_mpi_ec_mul_point (mpi_point_t result, || (ctx->model == MPI_EC_WEIERSTRASS && mpi_is_secure (scalar))) { - /* Simple left to right binary method. GECC Algorithm 3.27 */ + /* Simple left to right binary method. Algorithm 3.27 from + * {author={Hankerson, Darrel and Menezes, Alfred J. and Vanstone, Scott}, + * title = {Guide to Elliptic Curve Cryptography}, + * year = {2003}, isbn = {038795273X}, + * url = {http://www.cacr.math.uwaterloo.ca/ecc/}, + * publisher = {Springer-Verlag New York, Inc.}} */ unsigned int nbits; int j; diff --git a/src/secmem.c b/src/secmem.c index 46bbf82..b2a9667 100644 --- a/src/secmem.c +++ b/src/secmem.c @@ -454,7 +454,7 @@ init_pool (pooldesc_t *pool, size_t n) /* Initialize first memory block. */ mb = (memblock_t *) pool->mem; - mb->size = pool->size; + mb->size = pool->size - BLOCK_HEAD_SIZE; mb->flags = 0; } @@ -610,7 +610,7 @@ _gcry_secmem_malloc_internal (size_t size, int xhint) mb = mb_get_new (pool, (memblock_t *) pool->mem, size); if (mb) { - stats_update (pool, size, 0); + stats_update (pool, mb->size, 0); return &mb->aligned.c; } @@ -624,7 +624,7 @@ _gcry_secmem_malloc_internal (size_t size, int xhint) mb = mb_get_new (pool, (memblock_t *) pool->mem, size); if (mb) { - stats_update (pool, size, 0); + stats_update (pool, mb->size, 0); return &mb->aligned.c; } } @@ -641,7 +641,7 @@ _gcry_secmem_malloc_internal (size_t size, int xhint) return NULL; /* Not enough memory available for a new pool. */ /* Initialize first memory block. */ mb = (memblock_t *) pool->mem; - mb->size = pool->size; + mb->size = pool->size - BLOCK_HEAD_SIZE; mb->flags = 0; pool->okay = 1; @@ -660,7 +660,7 @@ _gcry_secmem_malloc_internal (size_t size, int xhint) mb = mb_get_new (pool, (memblock_t *) pool->mem, size); if (mb) { - stats_update (pool, size, 0); + stats_update (pool, mb->size, 0); return &mb->aligned.c; } }
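Review bot: In mpi/arm/mpih-mul3.S (_gcry_mpih_submul_1), the epilogue `it cc; movcc %r2, #1; add %r0, %lr, %r2` can be written without an IT block, which is a no-op in `.arm` state anyway and only matters if this file is ever assembled as Thumb-2. Since r2 is 0 on exit, `sbc %r2, %r2, #0; sub %r0, %lr, %r2` yields r2 = -1 on borrow (C clear) and 0 otherwise, so r0 = lr + borrow with no conditional execution, matching the branch-free `sbc`/`neg` style already used in mpih-sub1.S. Separately, please document that the return value is the high limb of the product plus the final borrow, and that the loops rely on `umlal`, `sub`, `tst` and `teq` (unrotated immediates) not modifying C between the `sbcs` instructions; the code is correct as written, but that invariant is not visible anywhere in the comments.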
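Review bot: The expanded reference in mpi/ec.c is half a BibTeX record: it carries the fields but drops the entry type and key, so it is neither pasteable into a .bib file nor readable as prose. Either complete it (`@book{hankerson2003guide,` ... `}`) or replace it with a plain citation such as "Hankerson, Menezes, Vanstone: Guide to Elliptic Curve Cryptography, Springer 2003, Algorithm 3.27", which is what a reader of the source actually needs.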
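Review bot: In src/secmem.c the first-block initialisation is duplicated verbatim in init_pool() and in _gcry_secmem_malloc_internal(), and this patch has to apply the same `mb->size = pool->size - BLOCK_HEAD_SIZE;` correction in both places. Factor that into one helper (or have the malloc path call init_pool()) so the header-size accounting cannot drift apart again. The switch to `stats_update (pool, mb->size, 0)` is the right quantity, since mb_get_new() may hand back a block larger than the requested `size`, but the corresponding free path is not in this diff; please confirm it subtracts mb->size rather than the caller's original request, otherwise the pool statistics will leak upward by the rounding difference on every allocation.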